[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora meeting Mono Half-Way



On Thu, 2005-12-15 at 12:35 -0500, Alan Cox wrote:
> On Thu, Dec 15, 2005 at 11:13:19AM -0500, Paul A Houle wrote:
> >    Automatic memory management,  no buffer overflows because the 
> > authors didn't do string handling with superhuman care,  OO programming 
> 
> Umm actually thats a very dangerous assumption. If the implementation in
> mono is wrong then every app in mono has the hole. We've seen this occur
> historically in other 'safe' languages. Also if there are bugs in libraries
> it uses they end up everywhere
> 
> > model where people use objects to model the problem domain rather than 
> > spend 20 years arguing about how to implement a linked list.
> 
> g_list, g_string and friends already provide that interface set in C and
> fairly efficiently. Most gnome C apps use them and GNOME has had almost no
> buffer overrun problems. Lots of other problems but not those.

in addition the execshield tech (gcc/glibc/kernel) makes buffer
overflows basically impossible to abuse anyway (like -fstack-protector,
FORTIFY_SOURCE, NX, randomisation etc etc)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]