Re: Secure C library



In article <LkrTe.7$Q%2.4@xxxxxxxxxxxxxxxxxxxx>, Derek M. Jones
<derek@xxxxxxxxxxxxxxxxxxxx> writes
>>
>> Then come to the meetings and help clean it up.
>
>Or come to meetings and help kill it off.
>
>Either way, power is in the hands of people who attend the meetings.

That is true of *any* committee based system.

Can you think of a better way? That is a serious question and not just
for language standardisation.

>>>I understand the issues being addressed, but I really think the current
>>>proposal uglies up the language, is redundant, goes against the spirit
>>>of C and probably won't actually do much to make software more secure.
>
>The really bad news is that there are likely to be more C TRs showing
>up. Special interest groups are starting to notice that they can
>get their favorite functions enshrined as a 'Standard' by packaging
>them up as a C TR.

This is a serious problem in my mind. The Embedded TR is one like that.
There will be others trying to enshrine their own, sometimes commercial,
stuff into the standard.

In some cases, e.g. IBM with the new decimal maths, it is legitimate, but how
do you sort out the good from the marketing opportunities?

>> Thank you for sharing. Evidently some hard working people feel
>> differently, however. And you haven't demonstrated a very deep
>> understanding of the TR, which makes your opinion rather less
>> valuable.
>
>There's an interesting idea. Only C committee members with a deep
>understanding of an issue get to vote on it. Who gets to set the
>qualifying test questions?

Now that will be a fun idea. Can we start with the Embedded TR? Other
committees (not ISO) limit membership to those with real industrial
experience of the domain.

This tends to be self selecting as it is usually commercial companies
driving it, and they do invest in the standards because they directly
affect their market. E.g. many of the hardware standards, CAN, UML etc.

>>>I wonder how many other people feel the same way.
>> Doesn't matter to me. This ain't reality TV.
>
>Only because we would not pull in sufficient viewing figures to get on
>TV. This TR is all about sound bite. Tack an _s on some functions that
>can be implemented in a day or so and voila C has been secured!

My Hero!! :-) Vote for Derek saviour of the planet.... ! And we all die
happy.. well, die anyway. Derek is right I have some severe misgivings
about this TR.

I recall a thread in another NG that said Pascal was better than C
because the compiler would not let dangerous code through, therefore
Pascal was a "safe" language. I can see a similar thing here. Use the _s
functions and it *MUST* be safe and secure C if it compiles....

>I'm sure some people will make use of these functions, but I suspect
>these will be those who would have probably written their own wrappers
>(or worked in development groups that required this usage).

I expect that those who write their own wrappers will continue to do so
with the standard library. People who want safe/secure library calls are
going to do their own error checking and security. I can't see them
trusting someone else.

This is why I think this is a pointless TR. In some ways a marketing
opportunity and a way of getting some credibility for some companies.

>Do I have a better solution to security issues? Spending more time
>and money on the implementation and testing of applications is the
>answer.

Heretic :-) I would have thought that you would still need the same
amount of testing with or without the secure library.

As you say the answer is good implementation process and testing.
Anything else is a sticking plaster on the problem.

>As we all know this is rarely an acceptable solution.
>Pointer checking? My experience is that most code has so many
>'harmless' pointer errors that many developers find the checks
>"of no value".

:-) When I was in the armed forces I was told that "empty" guns kill
more people than loaded ones...

>At the end of the day the problem will only be 'solved' when
>developers and managers start doing jail time.

BLOODY GOOD IDEA.
See the corporate manslaughter bill (UK) and the licensing of SW Engineers that
is coming in, in many parts of the world.

>Those of you interested in appreciating the mind-set of truly
>awful developers might like to check out:
>http://www.thedailywtf.com/

If it can be done it will be done. Murphy and Sod were inter-related (by
pointers)

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@xxxxxxxxxxxx www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
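The thread's point that "tack an _s on some functions and voila C has been secured" is easiest to see in code. The following is an added example, not code from the thread or from any of its posters: a hand-rolled bounded copy of the kind the post says careful developers already write for themselves, placed beside a caller that ignores its status, to show why a bounds-checked function alone is not a security guarantee. All names here (bounded_strcpy, record_user_unchecked, record_user_checked, the copy_status values) are hypothetical; it deliberately does not call the TR's own strcpy_s, which most C libraries do not ship.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not code from the thread). A bounded copy of the kind
 * careful developers write for themselves, with the status reporting that
 * strcpy_s-style functions provide. All names are hypothetical. */

typedef enum { COPY_OK = 0, COPY_EINVAL = 1, COPY_ETRUNC = 2 } copy_status;

/* Copy src into dst, which holds dstsize bytes. Never writes past dst;
 * on failure dst becomes "" (when writable), as the Annex K functions do. */
copy_status bounded_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    if (dst == NULL || dstsize == 0)
        return COPY_EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return COPY_EINVAL;
    }
    /* Scan src only as far as dst could hold, so an unterminated src
     * is not read far past its end either. */
    while (n < dstsize && src[n] != '\0')
        n++;
    if (n == dstsize) {          /* no room for the terminator */
        dst[0] = '\0';
        return COPY_ETRUNC;
    }
    memcpy(dst, src, n + 1);     /* n + 1 <= dstsize here */
    return COPY_OK;
}

/* The "if it compiles it is secure" fallacy: the caller never looks at the
 * status. Memory is not corrupted, but an over-long user name silently
 * becomes an empty one, which can be its own security bug (an audit record
 * with no actor, for instance). Returns the length actually stored. */
size_t record_user_unchecked(char name[16], const char *input)
{
    bounded_strcpy(name, 16, input);   /* status ignored: still compiles */
    return strlen(name);
}

/* The same operation done the way the post expects careful developers to do
 * it: the status is checked and truncation is a rejected input (-1). */
long record_user_checked(char name[16], const char *input)
{
    if (bounded_strcpy(name, 16, input) != COPY_OK)
        return -1;
    return (long)strlen(name);
}
```

The wrapper is only as good as the capacity its caller passes; nothing in the language checks that `16` matches the real buffer, which is the testing-and-process point made above rather than something a library can fix.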