from the i-blame-the-schools dept.
jfruh writes: "Creators of compilers are in an arms race to improve performance. But according to a presentation at this week's annual USENIX conference, those performance boosts can undermine your code's security. For instance, a compiler might find a subroutine that checks a huge bound of memory beyond what's allocated to the program, decide it's an error, and eliminate it from the compiled machine code — even though it's a necessary defense against buffer overflow attacks."
"Card readers? We don't need no stinking card readers."
-- Peter da Silva (at the National Academy of Sciencies, 1965, in a
particularly vivid fantasy)