All the Perl that's Practical to Extract and Report

  • There isn't a buffer overflow risk with using strcmp. The argv from main are always properly zero-terminated. They could be pretty large, but that doesn't matter because I don't see them being copied.

    Also, the risk with strcmp with a big buffer is a segfault. There is no writing going on, so there is no buffer overflow danger.
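    To make the comment's point concrete, here is an added example (not the commenter's code) contrasting a read-only strcmp check on argv with the copy step where a fixed-size buffer actually becomes a hazard; the buffer size and the `--verbose` option are made up for illustration.

    ```c
    #include <stdio.h>
    #include <string.h>

    #define OPT_BUF 16   /* constructed fixed-size destination buffer */

    /* Read-only check: strcmp stops at the first NUL of either string.
       Every argv[] entry is NUL-terminated, so no out-of-bounds read and,
       since nothing is written, no overflow. */
    int arg_matches(const char *arg, const char *expected) {
        return strcmp(arg, expected) == 0;
    }

    /* Copying is where the hazard is: the destination has a fixed size but
       an argv entry has no upper bound. Returns 1 on success, 0 if the
       argument would not fit (destination left empty but terminated). */
    int copy_arg(char *dst, size_t dst_size, const char *arg) {
        size_t len = strlen(arg);
        if (dst_size == 0) return 0;
        if (len >= dst_size) {           /* no room for the terminating NUL */
            dst[0] = '\0';
            return 0;
        }
        memcpy(dst, arg, len + 1);       /* length checked, NUL included */
        return 1;
    }

    int main(int argc, char **argv) {
        char opt[OPT_BUF];
        for (int i = 1; i < argc; i++) {
            if (arg_matches(argv[i], "--verbose")) {
                puts("verbose mode");
            } else if (!copy_arg(opt, sizeof opt, argv[i])) {
                fprintf(stderr, "argument %d too long (%zu bytes, max %d)\n",
                        i, strlen(argv[i]), OPT_BUF - 1);
                return 1;
            } else {
                printf("option: %s\n", opt);
            }
        }
        return 0;
    }
    ```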

  • ...but not necessarily more secure in practice. Economic theory suggests that, at least to first-order effects, the ease of searching for problems in open source code offsets the improved quality, making the practical security equivalent. (However, other bugs are fewer.)

    For details, see Security in Open versus Closed Systems - the Dance of Boltzmann, Coase and Moore [cam.ac.uk]. (From Economics and Security Resource Page [cam.ac.uk].)

  • It's a nice thought. OS doesn't necessarily yield better programs, but better programmers.

    But the environment in which we develop software today vs. a few decades ago is different in more important ways than that. Just imagine not having that Internet thingy available. At all.

    No more googling for error messages, no FAQs, no quick answers to basic questions, no more interesting online discussion. Just you, alone in your cave, making the same mistakes as everyone else, only not knowing about it.

    In that env
  • Most of those active in the open source world, and many in the security world, believe this. However, the vast majority of people do not look at the source, and so you don't really have those many eyes. Even someone like me - technically competent, paranoid about security - doesn't really look hard at code. I rely on fora like bugtraq and full-disclosure, and lots of monitoring and logging, to alert me to security problems. If an app I want to use is buggy, I'm more likely to delete it and try something