Yep. And choosing a language that eliminates whole classes of exploitable vulnerabilities is part of good architecture in my book. I won't deny that OpenSSH is comparatively well written. But writing C is much harder than most people realize. Undefined behaviour everywhere.
The verification bypass from optimization is something that many, many people are not aware of. That's my point. And it's not easily avoidable, you need to tread very carefully. And then there's a lot more UB in C that could bite you.
-
Stop talking to me as if you can teach me C when you can't even see that the variants of the LZO/LZ4 bugs in kernel land are UB relevant, yet you call them "standard" after checking for 5 minutes. Christ. Get over yourself.

-
Your undefined behavior tricks may wow infosec pros with no coding experience, but anyone that writes C professionally should grok this stuff better than both you and I can. Hell, Linus gets this stuff quite well.

-
This is not my experience with the vast majority of people writing C professionally. They do tend to assume signed ints have two's complement behaviour. Not everybody is Linus.
-
Tend to agree here with @andreasdotorg. So, the prereq is being a "C pro"/Linus Torvalds? That doesn't scale for an engineering team. Teams are composed of diverse people, not all 15-year C pros. The risks are too many and the learning curve too high for what most build today.
-
We naturally evolve toward higher and higher abstractions. There is always still use for the lower layers (someone is designing the fabrication processes for chips and the microcode that runs). But it is relegated to a smaller and smaller group that eventually rounds to zero.
-
And... if you are in that group, cool... we will always need those folks. But it doesn't mean we need to encourage the "next generation" that chip fabbing, microcode, and assembly are easier than they used to be... come on over and join us.
-
Did you miss the reply from @paxteam that spoiled the mini blog I was going to drop today demonstrating andreas' example is fruitless? Writing safe C is easy. He didn't even understand that his example was moot. :)
-
Not to mention, I was joking about Linus... LT is awesome, but that was meant to be tongue in cheek. You guys need to drop the whole "you need to be this tall to C" antics :) it's really not that hard.
-
The entire class of bugs is the overflow, the verification bypass from optimization and pointer arithmetic. I don't get why you think you're being clever trying to trick me. I'm going back to bed. When I wake up, give me an actual problem I didn't solve 10 years ago.