Date: Tue, 20 Oct 1998 10:44:37 -0400 (EDT)
From: (Kragen) <[email protected]>
To: "Chuck W." <[email protected]>
Subject: Re: "chat"
Cc: [email protected]

On Tue, 20 Oct 1998, Chuck W. wrote:

> Just curious, is there an official programming standard that, when
> followed strictly, has a tendency to create programs that are free of
> overflow programs?

There are lots of ways to do this.

(a) Write your programs in a language that has string data types that
expand dynamically, like Perl, elisp, Tcl, Python, sh, BASIC, etc.
(Although maybe sh is not the best language to choose for security. :)

(b) Don't use the C standard library functions strncpy, strcpy, strcat,
etc. Instead, use an abstract string data type that knows how long it
is, and won't let you overflow it. qmail uses something called a
"stralloc", which is very lightweight (I reimplemented it in a page or
so of Forth), and C++ includes a standard-library data type that also
does this. If you're programming on Microsoft Windows with MFC, you
can use the CString type.

(c) Use the C standard library functions but be very careful. ;)

(d) Use a C compiler that bounds-checks all pointer accesses.

Any of these, if followed perfectly, will produce programs that are
free of buffer-overflow problems. Some are easier to follow than
others.

Kragen (no, I wasn't really suggesting that BASIC or MFC were good ideas)

--
<[email protected]> Kragen Sitaker <http://www.pobox.com/~kragen/>
A well designed system must take people into account. . . . It's hard to
build a system that provides strong authentication on top of systems that
can be penetrated by knowing someone's mother's maiden name. -- Schneier
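Option (b) from Kragen's reply, as an added example that is not code from the thread and not qmail's own stralloc: a minimal growable string in C, modelled on the stralloc idea (length and capacity travel with the bytes, and every write goes through one capacity-checking routine). The names `dstr`, `dstr_ready`, `dstr_catb`, `dstr_cats`, `dstr_copys` and `dstr_cstr` are mine, chosen to mirror qmail's naming, not its API.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-aware string. Initialise with `dstr d = {0};`.
 * The bytes in s are NOT assumed NUL-terminated: len is authoritative. */
typedef struct {
    char *s;     /* heap buffer (NULL until first use) */
    size_t len;  /* bytes in use */
    size_t a;    /* bytes allocated */
} dstr;

/* Make sure at least n bytes of capacity exist. 1 on success, 0 on failure.
 * This is the only place the buffer is resized, so the bounds check lives here. */
static int dstr_ready(dstr *d, size_t n) {
    if (d->a >= n) return 1;
    size_t want = n + (n >> 3) + 30;        /* grow a little beyond n */
    if (want < n) return 0;                  /* size arithmetic overflowed */
    char *p = realloc(d->s, want);
    if (!p) return 0;                        /* keep old buffer intact on failure */
    d->s = p; d->a = want;
    return 1;
}

/* Append n raw bytes; unlike strcat, a long input grows the buffer
 * instead of running past it. */
static int dstr_catb(dstr *d, const char *src, size_t n) {
    if (n > SIZE_MAX - d->len) return 0;     /* len + n would wrap */
    if (!dstr_ready(d, d->len + n)) return 0;
    memcpy(d->s + d->len, src, n);
    d->len += n;
    return 1;
}

static int dstr_cats(dstr *d, const char *src) { return dstr_catb(d, src, strlen(src)); }
static int dstr_copys(dstr *d, const char *src) { d->len = 0; return dstr_cats(d, src); }

/* Hand the bytes to C-string APIs: add a terminator without counting it. */
static const char *dstr_cstr(dstr *d) {
    if (!dstr_catb(d, "", 1)) return NULL;
    d->len--;
    return d->s;
}

static void dstr_free(dstr *d) { free(d->s); d->s = NULL; d->len = d->a = 0; }

/* Where a fixed char[16] plus strcpy/strcat would overflow on a long name,
 * the same three steps here just grow. Returns the resulting length. */
static size_t build_greeting(const char *name, dstr *out) {
    if (!dstr_copys(out, "Hello, ") || !dstr_cats(out, name) || !dstr_cats(out, "!")) return 0;
    return out->len;
}
```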