Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!gatech!ncar!newshost.lanl.gov!ferrari.mst6.lanl.gov!tesuque.cs.sandia.gov!lynx.unm.edu!chaos.aoc.nrao.edu!usenet From: cflatter@nrao.edu (Chris Flatters) Newsgroups: misc.jobs.offered,comp.lang.c,comp.lang.c++,comp.lang.c-cat,comp.object,comp.lang.eiffel,alt.syntax.tactical,comp.lang.misc,comp.unix.bsd.386bsd.misc Subject: Re: [--] Re: Beginner to C/C++ looking for some good books Date: 29 Aug 1995 17:52:15 GMT Organization: NRAO Lines: 30 Message-ID: <41vk4f$r1v@chaos.aoc.nrao.edu> References: <DAVIS.95Aug28125457@halles.ilog.fr> Reply-To: cflatter@nrao.edu NNTP-Posting-Host: laphroaig.aoc.nrao.edu Xref: euryale.cc.adfa.oz.au misc.jobs.offered:195298 comp.lang.c:110865 comp.lang.c++:121280 comp.object:30901 comp.lang.eiffel:8997 alt.syntax.tactical:920 comp.lang.misc:17129 comp.unix.bsd.386bsd.misc:136 In article <DAVIS.95Aug28125457@halles.ilog.fr>, davis@ilog.fr (Harley Davis) writes: > >In article <41m918$jkf@nova.umuc.edu> coates@nova.umuc.edu (Elliott Coates) writes: >> On type safety, modular structures, syntax, and pointers - how is C++ >> deficient? Agreed there are no built-ins for array boundary checking, >> but the C++, and C programmer knows to check for this. > >How do you then explain the Internet worm, which exploited a unchecked >array write bug in the C program sendmail? Perhaps the author of >sendmail wasn't a C programmer? > Note, also that the fuzz checking of Miller et al. manages to crash or hang between 15 and 43% of commercial Unix utilities. The overwhelming majority of these problems were due to array-subscript errors and pointer errors. One assumes that Unix vendors require that people working on their OS utilities have some knowledge of the language they were written in (C). The original fuzz paper was Miller, B.P., Fredrickson, L. and So. B, An Empirical Study of the Reliability of UNIX Utilities, CACM Vol. 33, No. 12 (Dec 1990), pp32-44. A follo-up paper is available on the Web but I've lost the URL (fortunately after printing the paper out). -- ------------------------------------------------------------------------------ Chris Flatters cflatter@nrao.edu ------------------------------------------------------------------------------