*BSD News Article 49569


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!gatech!ncar!newshost.lanl.gov!ferrari.mst6.lanl.gov!tesuque.cs.sandia.gov!lynx.unm.edu!chaos.aoc.nrao.edu!usenet
From: cflatter@nrao.edu (Chris Flatters)
Newsgroups: misc.jobs.offered,comp.lang.c,comp.lang.c++,comp.lang.c-cat,comp.object,comp.lang.eiffel,alt.syntax.tactical,comp.lang.misc,comp.unix.bsd.386bsd.misc
Subject: Re: [--] Re: Beginner to C/C++ looking for some good books
Date: 29 Aug 1995 17:52:15 GMT
Organization: NRAO
Lines: 30
Message-ID: <41vk4f$r1v@chaos.aoc.nrao.edu>
References: <DAVIS.95Aug28125457@halles.ilog.fr>
Reply-To: cflatter@nrao.edu
NNTP-Posting-Host: laphroaig.aoc.nrao.edu
Xref: euryale.cc.adfa.oz.au misc.jobs.offered:195298 comp.lang.c:110865 comp.lang.c++:121280 comp.object:30901 comp.lang.eiffel:8997 alt.syntax.tactical:920 comp.lang.misc:17129 comp.unix.bsd.386bsd.misc:136

In article <DAVIS.95Aug28125457@halles.ilog.fr>, davis@ilog.fr (Harley Davis) writes:
>
>In article <41m918$jkf@nova.umuc.edu> coates@nova.umuc.edu (Elliott Coates) writes:
>> On type safety, modular structures, syntax, and pointers - how is C++ 
>> deficient?  Agreed there are no built-ins for array boundary checking, 
>> but the C++, and C programmer knows to check for this.
>
>How do you then explain the Internet worm, which exploited an unchecked
>array write bug in the C program sendmail?  Perhaps the author of
>sendmail wasn't a C programmer?
>

Note also that the fuzz checking of Miller et al. manages to crash or
hang between 15 and 43% of commercial Unix utilities.  The overwhelming
majority of these problems were due to array-subscript errors and pointer
errors.   One assumes that Unix vendors require that people working on
their OS utilities have some knowledge of the language they were written
in (C).

The original fuzz paper was Miller, B.P., Fredrickson, L. and So, B.,
An Empirical Study of the Reliability of UNIX Utilities, CACM Vol. 33,
No. 12 (Dec 1990), pp32-44.  A follow-up paper is available on the Web
but I've lost the URL (fortunately after printing the paper out).

-- 
------------------------------------------------------------------------------
Chris Flatters						cflatter@nrao.edu
------------------------------------------------------------------------------
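
The class of failure the fuzz study reports, as an added example (not code from this post or from the Miller et al. paper): random lines are fed to a line-copy loop with and without a subscript check. The 16-byte field, the red-zone arena that makes overruns observable without undefined behaviour, and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD  16    /* logical size of the utility's line buffer (assumed) */
#define ARENA  256   /* FIELD plus a red zone, so an overrun stays inside the array */
#define CANARY 0x5A  /* fill value used to detect writes past FIELD */

/* Copies up to a newline the way a careless utility does: no subscript check. */
static size_t copy_unchecked(char *dst, const char *src, size_t n) {
    size_t i = 0;
    while (i < n && src[i] != '\n') { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Same loop with the bound enforced; over-long input is truncated. */
static size_t copy_checked(char *dst, size_t cap, const char *src, size_t n) {
    size_t i = 0;
    while (i < n && i + 1 < cap && src[i] != '\n') { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Small deterministic generator so every run is reproducible. */
static unsigned next_rand(unsigned *s) {
    *s = *s * 1103515245u + 12345u;
    return (*s >> 16) & 0x7fff;
}

/* Feed `trials` random lines to one copy routine; count lines that wrote past FIELD. */
static int fuzz(int checked, int trials, unsigned seed) {
    char arena[ARENA], input[ARENA - FIELD];
    int overruns = 0;
    for (int t = 0; t < trials; t++) {
        size_t len = next_rand(&seed) % (sizeof input - 1);
        for (size_t i = 0; i < len; i++) input[i] = (char)(next_rand(&seed) % 255 + 1);
        memset(arena, CANARY, sizeof arena);
        if (checked) copy_checked(arena, FIELD, input, len);
        else copy_unchecked(arena, input, len);
        for (size_t i = FIELD; i < ARENA; i++)
            if (arena[i] != CANARY) { overruns++; break; }
    }
    return overruns;
}

int main(void) {
    printf("unchecked: %d overruns, checked: %d\n", fuzz(0, 1000, 1u), fuzz(1, 1000, 1u));
    return 0;
}
```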