Subject: Re: Algol For Linux
From: invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Newsgroups: comp.misc
Date: 14. Jul 2025, 09:10:53
Organization: terraraq NNTP server
Message-ID: <wwvo6tnp4z6.fsf@LkoBDZeT.terraraq.uk>
References: 1 2 3
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
kludge@panix.com (Scott Dorsey) writes:
> Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
>> Ben Collver wrote:
>>> Memory Safety Since 1958
>>
>> Kidding, right?
>
> He's probably kidding but he's got a point.
>
> The number one security problem with Linux is null-terminated strings.
I’m not convinced. I skimmed the CVEs listed in [1] and only one of them
had a clear relationship to 0-terminated strings, and even that is a
false positive from Fortify.
[1] https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/year-2025/Linux-Linux-Kernel.html

0-terminated strings are certainly a bad design (for multiple reasons)
but there’s a lot of other well-known security pitfalls in the C
language.
-- https://www.greenend.org.uk/rjk/