[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)
Arnold Reinhold
agr at me.com
Fri May 2 18:38:34 EDT 2014
On May 2, 2014, at 8:44 AM, Benjamin Kreuter <brk7bx at virginia.edu> wrote:
> On Thu, 2014-05-01 at 17:36 -0400, Arnold Reinhold wrote:
>
>> After the developers have been told that a specific optimization is
>> potentially causing widespread security and safety problems, I think it
>> is evil.
>
> Yeah, and once upon a time people made use of gets(). The response was
> to demand that people replace gets() with fgets(). Why should the
> response to this class of bug -- relying on undefined behavior in a
> safety check -- be any different?
Excellent example. I completely agree, it shouldn’t be. But it is:
1. The gets() problem was a real one affecting most, if not all platforms, not obscure hypothetical platforms or code generators of which no one seems to be able to give a real-world example.
2. The gets() problem was a security issue that was taken seriously, not brushed off with some variant of “that’s how C works, if you don’t like it, don’t use C.”
3. A clear, workable alternative, fgets(), was thought out and provided first.
4. The transition was encouraged by first deprecating gets() and then removing it from the C library, NOT by having the optimizer silently mung your code if you use gets().
...
> If your bank runs inefficient code and passes the extra operational
> costs on to you, will you be comforted by the knowledge that they did
> not use an optimizing compiler?
Knowing what I know, absolutely. If I could find a bank like that, I’d give them all my business.
I think we’re done with this thread. Thank you for a courteous exchange. You’re welcome to have the last word.
Arnold Reinhold
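The two bug classes the thread contrasts, side by side, as an added example that is not code from either poster or from the GCC bug report. The first function is the shape of safety check that GCC bug 30475 concerns: a signed-overflow test whose result the compiler is entitled to fold to "always true", because signed overflow is undefined in C. Next to it are the forms that stay defined, and the fgets() replacement for gets() that point 3 above refers to. Function names, the buffer size of 8 and the input lines are my own choices for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* The GCC bug 30475 pattern: signed overflow is undefined behaviour, so an
 * optimizer may assume a + 100 never wraps and delete this test entirely.
 * Its result is only meaningful while a <= INT_MAX - 100; it is kept here to
 * show the broken pattern, not to be relied on. */
int overflow_check_ub(int a)
{
    return a + 100 > a;            /* undefined once a > INT_MAX - 100 */
}

/* Same intent, fully defined: test against the limit before adding. */
int overflow_check_defined(int a)
{
    return a <= INT_MAX - 100;
}

/* General form for any b: report overflow without ever performing it.
 * Returns 1 and stores a + b in *out on success, 0 if the sum would wrap. */
int checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

/* The gets() lesson: fgets() with an explicit capacity. Returns the number of
 * bytes stored (trailing newline removed) or -1 at EOF/error. A line longer
 * than cap-1 bytes is truncated instead of running past the buffer, and the
 * rest of that line is drained so the next call starts on the next line. */
long read_line(char *dst, size_t cap, FILE *fp)
{
    if (cap == 0 || fgets(dst, (int)cap, fp) == NULL)
        return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[--n] = '\0';
    } else {
        int c;                     /* no newline stored: line was cut short */
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;
    }
    return (long)n;
}

/* Exercises read_line() on constructed input: a short line, a 20-byte line
 * that exceeds the 8-byte buffer, and a final line with no newline.
 * Returns 1 if every call behaves as documented above, 0 otherwise. */
int read_line_selftest(void)
{
    char buf[8];
    FILE *fp = tmpfile();
    if (fp == NULL)
        return 0;
    fputs("short\nAAAAAAAAAAAAAAAAAAAA\nlast", fp);   /* constructed input */
    rewind(fp);
    int ok = read_line(buf, sizeof buf, fp) == 5 && strcmp(buf, "short") == 0;
    ok = ok && read_line(buf, sizeof buf, fp) == 7 && strcmp(buf, "AAAAAAA") == 0;
    ok = ok && read_line(buf, sizeof buf, fp) == 4 && strcmp(buf, "last") == 0;
    ok = ok && read_line(buf, sizeof buf, fp) == -1;
    fclose(fp);
    return ok;
}

int main(void)
{
    int sum = 0;
    printf("defined check at INT_MAX-50: %d\n", overflow_check_defined(INT_MAX - 50));
    printf("checked_add(INT_MAX, 1) ok:  %d\n", checked_add(INT_MAX, 1, &sum));
    printf("read_line self-test:         %d\n", read_line_selftest());
    return 0;
}
```

Compile once with -O0 and once with -O2 and compare the generated code for overflow_check_ub(): with optimization the comparison typically disappears, which is exactly the complaint in the subject line. The defined forms survive any optimization level because they never execute the overflowing operation. Truncating and draining an over-long line in read_line() is a design choice; a caller that must reject rather than truncate such input can treat a return of cap-1 as a signal to check for that case.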