Richard Kenner wrote:

>> Oh, and teaching all of the programmers out there all the subtle nuances
>> of C and trying to get them to write proper code: good luck. That
>> simply won't happen.

> If people who write security-critical code in a programming language
> can't take time to learn the details of that language relevant to
> security issues (such as overflow handling), I think our society is in
> a great deal of trouble.

I find this attitude too facile. The fact is that C is rather defective
here in its handling of overflow, and that is a potential problem. By
aggressively capitalizing on the undefined aspect, gcc is a bit
worrisome given this makes it hard to check for overflow.
Also please don't confuse "in a security context", which can arise
in all sorts of places (e.g. a mailer avoiding buffer overflow),
with "security-critical" which is a term-of-art getting into
common criteria etc.
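The overflow-checking difficulty the reply points at, shown as an added C example (not code from the thread or from gcc): a check written after the fact as `a + b < a` relies on wraparound that the C standard does not promise for signed types, so an optimizer entitled to assume no overflow may drop it; the portable form tests the operands before performing the operation.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Signed overflow is undefined behaviour in C, so a post-hoc test such as
 *     int s = a + b; if (s < a) ...
 * is not a reliable detector: the compiler may reason that a + b cannot
 * overflow and remove the comparison. Checking the operands against the
 * limits first never performs the undefined operation. */
bool add_checked(int a, int b, int *result)
{
    if ((b > 0 && a > INT_MAX - b) ||
        (b < 0 && a < INT_MIN - b)) {
        return false;            /* would overflow; *result left untouched */
    }
    *result = a + b;
    return true;
}

/* Same approach for multiplication; the pre-check has to split on signs
 * so that no division here can itself overflow (INT_MIN / -1 is avoided). */
bool mul_checked(int a, int b, int *result)
{
    if (a == 0 || b == 0) { *result = 0; return true; }
    if (a > 0) {
        if (b > 0) { if (a > INT_MAX / b) return false; }
        else       { if (b < INT_MIN / a) return false; }
    } else {
        if (b > 0) { if (a < INT_MIN / b) return false; }
        else       { if (a < INT_MAX / b) return false; }
    }
    *result = a * b;
    return true;
}

int main(void)
{
    int r;
    printf("INT_MAX + 1 ok? %d\n", add_checked(INT_MAX, 1, &r));      /* 0 */
    printf("46340 * 46340 ok? %d -> %d\n", mul_checked(46340, 46340, &r), r);
    printf("46341 * 46341 ok? %d\n", mul_checked(46341, 46341, &r));  /* 0 */
    return 0;
}
```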