Security

Why Coding Is Insecure 176

Stuart of Wapping writes "Even patches are not safe, especially if they come from a closed background (maybe) - an interesting article on why coding is naturally insecure, from SecurityFocus."
This discussion has been archived. No new comments can be posted.

  • by togtog ( 104205 ) on Sunday February 03, 2002 @09:42AM (#2945883) Homepage
    Security Focus is redirecting to Google, which has a cache of the page; please use that instead.

    http://www.google.com/search?q=cache:M13ch6-wvbw C: www.securityfocus.com/infocus/1541+&hl=en
  • so use it (Score:2, Informative)

    by Anonymous Coward on Sunday February 03, 2002 @12:51PM (#2946513)
    If you want run-time bounds checking, use run-time bounds checking. --enable-bounded is there right next to the --enable-omitfp in your glibc configure script.

    Your argument that you have to do your own bounds checking, every time, is wrong. If you have a good grasp of the C language, you should be able to code perfectly secure programs that only perform bounds-checking on external (e.g. user-input) strings.

    C is a lot like X: the people who criticise it are exactly the people who don't understand it. If you want bounds-checking, use bounds-checking. If you want garbage collection, use garbage collection. If you want the specific warnings that you've mentioned, use lint. ALL OF THESE TOOLS ALREADY EXIST AND ARE IN COMMON USE. It's alright if you're ignorant of these tools, but for heaven's sakes don't blame the C language for them.

  • Re:NSA Linux (Score:3, Informative)

    by Dwonis ( 52652 ) on Sunday February 03, 2002 @02:15PM (#2946832)
    Linux 2.4 hasn't had a serious security flaw yet. And it is at a 2.4.18 (patch) level.

    The iptables connection tracking security flaw was a major flaw.
