[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"

Jerry Leichter leichter at lrw.com
Fri Aug 26 05:48:44 EDT 2016


> As someone who has used C since about 1976, I can safely say that it was 
> never designed to be secure; it is merely a high-level assembly language.
> 
> Yes, it has structure, but it's still a high-level assembly language; if 
> you want a secure language then use one.  Using it otherwise is like 
> putting lipstick upon a pig, viz: it's still a pig, no matter how much 
> lipstick is used.
C will never be safe.  But it could be safer.  When the hazard is in the way the language is used, well, the language is what it is.  The only thing that can help is avoidance of dangerous styles in favor of safer ones.

When the danger comes from the libraries - either in the interfaces they present, or in the things they *could* cover safely but instead leave to programmers to consistently re-implement, often unsafely - the libraries *could* be improved.

It's easy to forget, but one of the innovations in C was to move many facilities from the core of the language out to libraries.  Earlier languages had built-in I/O operations, built-in string manipulation, even special mechanisms for mathematical functions.  C tossed all that.  The only built-in support for any of this stuff is string constants.  Everything else is in the libraries - and early on, they actually changed considerably.

In principle, they could change again.

Not that I consider this at all likely.  There's way too much stuff built on the current base, way too many programmers who think strcat() is built into C.

Still, one must hope.
                                                        -- Jerry
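A sketch of the kind of safer library interface the post has in mind, added here as an example and not taken from the post or the list: a bounded replacement for the job strcat() is usually given, where the library does the length check once instead of leaving it to every caller. The names safe_cat, cat_status and demo are hypothetical, and the buffer contents are constructed for the demonstration.

```c
/* strcat() receives no destination size, so every caller must re-implement
 * the bounds check (and often does not). A bounded interface moves that
 * check into the library and reports truncation instead of hiding it. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum cat_status { CAT_OK = 0, CAT_TRUNCATED = 1, CAT_BADARG = 2 };

/* Append src to dst, never writing past dst_size bytes and always leaving
 * dst NUL-terminated. Uses only ISO C library calls. */
enum cat_status safe_cat(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return CAT_BADARG;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                 /* dst not terminated: refuse to append */
        return CAT_BADARG;
    size_t used = (size_t)(end - dst);
    size_t room = dst_size - used - 1;   /* bytes left before the NUL slot */
    size_t n = strlen(src);
    if (n <= room) {
        memcpy(dst + used, src, n + 1);  /* copies the terminator too */
        return CAT_OK;
    }
    memcpy(dst + used, src, room);       /* partial copy, then terminate */
    dst[used + room] = '\0';
    return CAT_TRUNCATED;
}

/* Constructed scenario: a fixed 16-byte buffer receiving two appends.
 * With strcat() the second append would run past the buffer; here the
 * library stops at the boundary and tells the caller it did so. */
int demo(void)
{
    char buf[16] = "host=";
    enum cat_status s1 = safe_cat(buf, sizeof buf, "example");
    enum cat_status s2 = safe_cat(buf, sizeof buf, ".internal.corp");
    printf("%s (%d, %d)\n", buf, (int)s1, (int)s2);  /* host=example.in (0, 1) */
    return (s1 == CAT_OK && s2 == CAT_TRUNCATED) ? 0 : 1;
}
```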
