North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Bell Labs or Microsoft security?
- From: Marshall Eubanks
- Date: Wed Jan 29 08:56:39 2003
A world before buffer overflow exploits ?
The first (Fortran) programming course I ever took at MIT on the first
day of lab they said
1.) If you set an array index to a sufficiently large negative number
you would overwrite
the operating system and crash the system (requiring a reboot from
punched paper tape).
2.) If you did that, they would be so pissed off at you, you would
summarily fail the course.
This was back when the Fortran complier was included in each run as part
of the card deck.
I also remember overflow type hacks on the MIT Multics system, which was
constantly being hacked.
So, I agree with Sean, what were they thinking ?
On Wednesday, January 29, 2003, at 08:18 AM, Richard A Steenbergen
On Wed, Jan 29, 2003 at 03:32:41AM -0500, Sean Donelan wrote:
Possibly that bounds checking is an incredible cpu suck, there are a
FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants
the computer to check array lengths or pointers. Programmers know what
they are doing, and don't need to be "constrained" by the programming
language. Everyone knows programmers are better at arithmatic than
computers. A programmer would never make an off-by-one error. The
standard C run-time library. gets(char *buffer), strcpy(char *dest,
*src), what were they thinking?
many powerful things you can do in C based on the fact that there is no
bounds checking (pointers ARE your friend god damnit :P), and in a world
before buffer overflow exploits it probably didn't matter if Joe Idiot's
program crashed because he goofed? (hindsight is 20/20)
Richard A Steenbergen <firstname.lastname@example.org> http://www.e-
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1