GSoC 2008 dma enhancements

Dan M strangepics at gmail.com
Wed Jun 11 15:23:47 PDT 2008


On Wed, Jun 11, 2008 at 5:49 PM, Joerg Sonnenberger
<joerg at britannica.bec.de> wrote:
>> The standard C string functions, as history continues to prove to us (and
>> we continue to ignore it), SUCK for writing secure software. You don't want
>> to end up with either buffer overflows or string escape vulnerabilities,
>> etc.
>
> ...and people forget that a lot of thought has been put into this. But
> some of the very basic ideas (strlcpy and strlcat) are still ignored by
> the glibc folks. asprintf is another example that simplifies correct
> string processing a lot. All those examples follow the spirit of the C
> standards and don't aim at replacing them. I'm not even sure what you

It's unfortunate that they are ignored. libowfat and the like are just
excellent libraries - a much better way than the spirit of the standard
offers. These libraries don't aim at replacing standards, they just
offer better ways of doing things. Nothing wrong with that. Many
standards are simply poor standards, and the standard C handling
routines are a prime example.

> mean with string escape vulnerabilities, but if you mean the super
> class of SQL injection and similar issues, there is no 100% solution.
> It doesn't even have a good automatic solution.
>
> Joerg

I mean parser bugs. I agree, there is no good automatic solution
(perhaps a solution would be to parse as little as possible, parsing
is certainly overused), but easy and well-designed string libraries
will only help in that regard as well.

-- 
Dan
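
An added example, not part of the original thread or of any project's code: how the strlcpy/strlcat return value turns truncation into a checkable error, and how an asprintf-style call avoids the fixed buffer entirely. The ex_* helpers and join_path are hypothetical names written out locally with portable stand-ins (the real strlcpy, strlcat and asprintf are not available on every libc), and the paths in the comments are constructed sample values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strlcpy semantics: always terminates; returns strlen(src), so ret >= size means truncated. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strlcat semantics: returns the length the full result would have had. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    if (dlen == size)               /* dst not terminated within size */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Fixed buffer, every step checked: 0 on success, -1 if "dir/file" does not fit. */
int join_path(char *out, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(out, dir, size) >= size) return -1;
    if (ex_strlcat(out, "/", size) >= size) return -1;
    if (ex_strlcat(out, file, size) >= size) return -1;
    return 0;
}

/* asprintf style: measure with vsnprintf, allocate exactly; caller frees, NULL on failure. */
char *ex_asprintf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *buf = n < 0 ? NULL : malloc((size_t)n + 1);
    if (buf) vsnprintf(buf, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}
```

With strncpy the same 8-byte destination would be left without a terminator and no indication of it; here the caller gets -1 and a buffer that is still a valid string.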