On Sat, Sep 17, 2005 at 08:36:11PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | >On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote: | >| On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote: | >| | >| > >My view is that C is fine, but it needs a real library and programmers | >| > >who learn C need to learn to use the real library, with the bare-metal | >| > >C-library used only by library developers to bootstrap new safe | >| > >primitives. | >| > | >| > So wouldn't the world be a better place if we could all agree on a | >| > single such library? Or at least, a single API. Like the STL is for | >C++. | >| > | >| | >| Yes, absolutely, but who is going to do it? | > | >The glibc people? The openbsd people? | > | >I recall that for a while if you used gets, the linker would | >complain. I can't recall what platform this was on. BSDi, maybe? | | gets is so not the problem. Using strings that _can_ overflow is the | problem. That means wrapping the entire standard library. | | And, of course, the issue is that every other library in the universe | uses C-style strings (etc.), so unless we can all agree on a better | paradigm, we're screwed.
I didn't mean to imply that gets was the issue, only that when your linker laughed at you for trying to use a function, it was an encouragement to move to other functions. That is it possible to get people to move, when there's something to move to. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
