[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www

To: linux-delhi@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
From: Raju Mathur <raju@xxxxxxxxxxxxxxx>
Date: Mon, 19 Feb 2001 08:16:43 +0530 (IST)
In-reply-to: <002b01c09848$a9508e70$010811ac@BIG>
References: <20010217100647.A801@black-satan> <14990.3567.720865.173126@localhost.localdomain> <000b01c098b6$29565f10$8900000a@aclindia.com> <20010218001011.C878@bigfoot.com> <000e01c09806$fc5ccda0$010811ac@BIG> <3A8F26DA.E5E9083A@c3ipros.com> <002b01c09848$a9508e70$010811ac@BIG>
Reply-to: raju@xxxxxxxxxxxxxxx

>>>>> "Amit" == Amit Soni <amitsoni@xxxxxxxxxxxx> writes:

    Amit> [snip]
    Amit> BTW my question still stands ...why is C/C++ risky ?? for
    Amit> CGI applications.

Languages like Perl and Java do dynamic allocation of memory for
strings, unlike C/C++ where the programmer has to define the size of
each string in advance.  Thus in C and C++ it's easy to find programs
written by careless programmers where string buffers and stacks can be
overflowed by sending data larger than the programmer anticipated,
which can in turn lead to serious security problems.

I don't have the exact statistics, but my guess would be that about
75% of all vulnerabilities reported in Linux and Winduhs over the past
year have been due to buffer overflow problems, all in programs
written in C/C++.

I'm not bringing SuidPerl and Taint mode into this discussion --
that's another story altogether (man perlsec for details).

Regards,

-- Raju
-- 
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/

References:
- Re: two good poems
  - From: Pankaj Kaushal
- Re: two good poems
  - From: Raju Mathur
- Re: two good poems
  - From: Ambar Roy
- Re: two good poems
  - From: Sandip Bhattacharya
- Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
  - From: Amit Soni
- Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
  - From: Nishikant Kapoor
- Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
  - From: Amit Soni

Prev by Subject: Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
Next by Subject: Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
Previous by thread: Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
Next by thread: Re: two good poems -> JSP/Perl/PHP/C/CGI etc etc for www
Index(es):
- Subject
- Thread