I
Ian Collins
Tak-Shing Chan said:There's one: simplicity. You don't need to handle the
newlines yourself.
Discarding the last character in a buffer read with fgets() is hardly a
burden.
Tak-Shing Chan said:There's one: simplicity. You don't need to handle the
newlines yourself.
Discarding the last character in a buffer read with fgets() is hardly a
burden.
That's why they wrap fgets() in a function that checks for error andTak-Shing Chan said:A good programmer is a lazy programmer.
So you'd rather add code to warn the user than remove a newline.When the entire user base is one person, it might be feasible
to shift the burden of safety to the user. The programmer needs
only to forewarn the user of the consequences of exceeding the
prescribed line length. If the user ignores this advice, then
the responsibility lies with the user, not the programmer.
That's why they wrap fgets() in a function that checks for error and
removes the newline!
So you'd rather add code to warn the user than remove a newline.
For a five-line throw-away program, that would be overkill.
In Charles Richmond's case, the user is /also/ the
programmer, so there is no need to add code.
For a five-line throw-away program, that would be overkill.
Richard said:Tak-Shing Chan said:
If you're truly lazy - sufficiently lazy to invest a little time now in
saving a lot of work later - look up "library" when you get a minute.
[...]Tor Rustad said:Why do so many worry about *trivial* thing like gets(), when they
don't have a *clue* about writing secure programs?
Keith Thompson said:[...]Tor Rustad said:Why do so many worry about *trivial* thing like gets(), when they
don't have a *clue* about writing secure programs?
Why do so many bother to buckle their seat belts, when they don't have
a *clue* about defensive driving?
Why do so many worry about *trivial* thing like gets(), when they don't
have a *clue* about writing secure programs?
How many here worry about making their code time-independent?
or verify their calculations???
How many have done threat analysis, and used formal methods to guard
against sophisticated attacks?
Unless ppl have read/written a protection profile, you are likely quite
clueless in making a program/system secure IMO.
For starters, ppl can start to write state-diagrams of their programs,
*before* doing any programming, i.e. at the design phase.
<gd&r>
If code is correct then it is also secure.Tor Rustad said:Why do so many worry about *trivial* thing like gets(), when they don't
have a *clue* about writing secure programs?
How many here worry about making their code time-independent?
or verify their calculations???
How many have done threat analysis, and used formal methods to guard
against sophisticated attacks?
Unless ppl have read/written a protection profile, you are likely quite
clueless in making a program/system secure IMO.
For starters, ppl can start to write state-diagrams of their programs,
*before* doing any programming, i.e. at the design phase.
Why do so many worry about *trivial* thing like gets(), when they don't have
a *clue* about writing secure programs?
Tak-Shing Chan said:Irrelevant. This subthread was about *insecure* programs,
not secure ones.
P.S. When I search for "there is no problem using gets" on
Google groups, I got exactly one hit. Guess who the author was.
Keith said:[...]Tor Rustad said:Why do so many worry about *trivial* thing like gets(), when they
don't have a *clue* about writing secure programs?
Why do so many bother to buckle their seat belts, when they don't have
a *clue* about defensive driving?
Flash said:Tor Rustad wrote, On 20/05/07 16:03:
The first step in writing a secure program is not to do things you know
are insecure. Not using gets comes under this category. Even if you
believe that using gets is safe because you are in full control of the
input it would still be better to write your own replacement that takes
the size of the buffer (you know the size otherwise you do not know it
is large enough) and "fails" in a controlled manner (aborting the
program, throwing away the remainder of the line or whatever you
consider safest/most appropriate) just as a matter of normal defensive
programming.
Where that is an appropriate consideration (e.g. a login process) I will
use a tried and tested third party library from a source I have good
reason to trust. Far safer to use code from an expert than to try and
get it correct yourself!
For security related calculations I will use trusted third-party SW that
undergoes testing of sufficient rigour.
If your threat analysis says you only have to defend against simple
threats then you don't need to go too far in your protection. For
example, if the system is entirely internal *and* the level of expertise
of people on the inside is sufficiently low (builders, accountants etc)
then the cost/benefits analysis says you do not need to go that far.
That does not mean you should not avoid the more easily avoidable problems.
Unless you avoid the simple problems (which you may well do for all I
know) then you are quite likely even more clueless.
Yeah, two *totally* unrelated things. ;-)
Nice snipping, and your point is? Please read my *full* posts upthread,
before responding.
Chris Hills said:Keith Thompson said:[...]Tor Rustad said:Why do so many worry about *trivial* thing like gets(), when they
don't have a *clue* about writing secure programs?
Why do so many bother to buckle their seat belts, when they don't have
a *clue* about defensive driving?
For many types of defensive driving the first thing you do is turn off
the air bag..........
Keith Thompson said:Chris Hills said:Keith Thompson said:Tor Rustad <torust_at_online.no> writes:
[...]
Why do so many worry about *trivial* thing like gets(), when they
don't have a *clue* about writing secure programs?
[...]
Why do so many bother to buckle their seat belts, when they don't have
a *clue* about defensive driving?
For many types of defensive driving the first thing you do is turn off
the air bag..........
I'm not familiar with that, but I suppose I'll have to take your word
for it.
Since we're speaking metaphorically (and yes, I started it),
is turning off the air bag a metaphor that favors using gets()?
How about ggets is just as simple to call, and all you have to do
is remember to eventually free what it returns? Yet it is
perfectly safe.
The *first* step in building a secure system, is to design and analyze
it *before* any programming has been started. That is the hard part, in
my experience.
Now, after the spec has been implemented, time comes to testing and code
audit. When doing audit, both manual inspection and static analysis
should be done for safety-critical systems.
> Please name a single
security scanner, which don't warn about gets()!
I can't afford to trust some software, just because a company have a
good reputation or something. I want proof.
Making time-dependent PIN or password check, would be a cardinal sin for
a security programmer. DPA (differential power analysis) is is another
example of side-channel attack.
There is a lot of snake-oil on the market.
> One basic problem, is that
you can't really protect secrets in software, but need tamper-resistant
hardware.
A powerful attack is fault injection, RSA can for example be broken
after a single faulty calculation.
If the value you want to protect is low, well then of course you don't
use a TCB (Trusting Computing Base), have guards, dual access control
and video surveillance etc.
OTOH, for a bank, the insider threat is a *major* concern. However,
banks want to make money, so they take calculated risks and in some
cases, higher risks than they are aware of.
Even a non-expert application programmer know about gets(), but
they don't make secure C programs. You need a security professional to
do that, and no, I have *never* located a gets() call in such code
during audit.
Removal of gets(), will help clueless programmers, who are not building
secure software anyway. For professionals, gets() is a non-issue IMO.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.