Linux 5.15 Working Towards Comprehensive Compile-Time & Run-Time Detection Of Buffer Overflows

  • Linux 5.15 Working Towards Comprehensive Compile-Time & Run-Time Detection Of Buffer Overflows

    Phoronix: Linux 5.15 Working Towards Comprehensive Compile-Time & Run-Time Detection Of Buffer Overflows

    The latest security effort being pursued by Google's Kees Cook is to provide full compile-time and run-time coverage of all detectable buffer overflows...

    https://www.phoronix.com/scan.php?pa...5.15-Overflows

  • #2
    This is where C doesn't shine. It is a very simple language and allows compilation to nearly every computer architecture out there, but memory management is a total mess and there are absolutely no checks, which makes the language hard to master.

    Prepare for the Rust comments...

    • #3
      cargo +nightly new phoronix_discussion

      • #4
        Originally posted by tildearrow
        This is where C doesn't shine. It is a very simple language and allows compilation to nearly every computer architecture out there, but memory management is a total mess and there are absolutely no checks, which makes the language hard to master.
        The reason why C can support so many architectures is that its memory system is the disaster zone. So wacky architecture memory features are in the undefined sections of C so acceptable to C. Welcome to one of the fun trade offs supported computer architectures vs sanity.

        • #5
          That's ridiculous, the whole point of a higher level language is to abstract away the architectural details. The compiler's job is to translate the code into whatever memory setup the target machine uses.
          C is just old and clunky and not designed around being memory safe. It just wasn't a concern at the time. Most early architectures didn't even have protected memory in the first place.

          • #6
            The real mystery is why there is no update in the language’s standard. It’s not like compile-time checks can’t be added to C.

            • #7
              I remember that LWN had a more in-depth look at this for those that are interested but maybe not quite up to reading the patch series. This was a couple of months ago, so some details might have changed though: https://lwn.net/Articles/864521/

              • #8
                Originally posted by Ipkh
                C is just old and clunky and not designed around being memory safe.
                And it also works everywhere, on practically every device, and that's why C will never go anywhere.

                Sure, it's not perfect. Neither is the Constitution. You don't just "bail" on it because it's old. C is tried, and proven. Just needs a good developer to code it.

                Sorry, I just feel like yours is an old (yet trendy) opinion, don't think it holds too much weight. Sure, Rust improves on it. Doesn't mean you bail on C.

                • #9
                  Originally posted by perpetually high
                  And it also works everywhere, on practically every device, and that's why C will never go anywhere.

                  Sure, it's not perfect. Neither is the Constitution. You don't just "bail" on it because it's old. C is tried, and proven. Just needs a good developer to code it.

                  Sorry, I just feel like yours is an old (yet trendy) opinion, don't think it holds too much weight. Sure, Rust improves on it. Doesn't mean you bail on C.
                  You don't bail on C, you just incrementally replace it with Rust or similar.

                  • #10
                    Originally posted by Ipkh
                    That's ridiculous, the whole point of a higher level language is to abstract away the architectural details. The compiler's job is to translate the code into whatever memory setup the target machine uses.
                    C is just old and clunky and not designed around being memory safe. It just wasn't a concern at the time. Most early architectures didn't even have protected memory in the first place.
                    C is not a "high level language". About the only thing lower-level is writing in assembly. And it's not meant to be a high level language. It's meant to be what you use when you really, truly need the number of cycles or memory usage optimized.

                    I take it you're a Rust or Java fanboi?
