Edward,
This grumpy old man who is so old he started coding when BASIC had line
numbers and 8-bit Motorola 6800 assembler was state of the art says:-
Don't let others harden the code.
Do it properly from the start.
After many years of using C and C++ my working life is now spent writing
Perl.
Sometimes it irritates me, but when one line of Perl does what a sheet
of A4 full of C can do, well, that cheers me up!
And don't forget, you can inline Perl into C to handle those awkward
bits, and you can inline C into Perl to make that bit go faster.
DaveT
On 19/08/15 18:14, Edward Bartolo wrote:
I am not assuming anything and understand the risks of buffer
overflows. The first step I am taking is to make the code function.
The second step is to further debug it until it behaves properly and the
third step is to correct any potential security issues. As anyone can
understand, projects, whatever they are, are not completed in one
step. Furthermore, debugging is a lengthy process and part of it is
removing potential security holes.
As to studying other languages, here, you are NOT talking to a youth
in his twenties or his teens, but to a 48-year-old. Learning a new
language is a lengthy process and the ones I know are far more than
enough for what I do.
Devuan's team of developers is not in any way obliged to accept my
code. Any developer who may feel the need to harden the code is free
to do so.
Thanks
On 19/08/2015, Hendrik Boom <[email protected]> wrote:
On Wed, Aug 19, 2015 at 06:46:36PM +0200, Laurent Bercot wrote:
On 19/08/2015 15:29, Edward Bartolo wrote:
This is the completed C backend with all functions tested to work. Any
suggestions as to modifications are welcome.
OK, someone has to be the bad guy. Let it be me.
First, please note that what I'm saying is not meant to discourage you.
I appreciate your enthusiasm and willingness to contribute open source
software. What I'm saying is meant to make you realize that writing
secure software is difficult, especially in C/Unix, which is full of
pitfalls. As long as you're unfamiliar with the C/Unix API and all its
standard traps, I would advise you to refrain from writing code that
is going to be run as root; if you want to be operational right away
and contribute system software right now, it's probably easier to stick
to higher-level languages, such as Perl, Python, or whatever the FotM
interpreted language is at this time. It won't be as satisfying, and the
programs won't be as efficient, but it will be safer.
Or try some of the less known, but compiled, efficient, strongly and
securely type-checked languages such as Modula 3 or OCaml.
-- hendrik
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng