Fedora meeting Mono Half-Way

Arjan van de Ven arjan at fenrus.demon.nl
Thu Dec 15 17:44:00 UTC 2005


On Thu, 2005-12-15 at 12:35 -0500, Alan Cox wrote:
> On Thu, Dec 15, 2005 at 11:13:19AM -0500, Paul A Houle wrote:
> >    Automatic memory management,  no buffer overflows because the 
> > authors didn't do string handling with superhuman care,  OO programming 
> 
> Umm actually that's a very dangerous assumption. If the implementation in
> mono is wrong then every app in mono has the hole. We've seen this occur
> historically in other 'safe' languages. Also if there are bugs in libraries
> it uses they end up everywhere
> 
> > model where people use objects to model the problem domain rather than 
> > spend 20 years arguing about how to implement a linked list.
> 
> g_list, g_string and friends already provide that interface set in C and
> fairly efficiently. Most gnome C apps use them and GNOME has had almost no
> buffer overrun problems. Lots of other problems but not those.

In addition, the execshield tech (gcc/glibc/kernel) makes buffer
overflows basically impossible to abuse anyway (like -fstack-protector,
FORTIFY_SOURCE, NX, randomisation etc etc).
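
An added example, not part of the original message: a small audit that reads an ELF64 little-endian image and reports which of the mitigations named above it shows evidence of. The function names and the sample images are constructed for illustration, and the symbol-name search is a heuristic rather than a full symbol-table parse.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
PT_GNU_STACK, PF_X, ET_DYN = 0x6474E551, 0x1, 3
# Checked libc variants that _FORTIFY_SOURCE substitutes for the plain calls.
FORTIFY_NAMES = (b"__memcpy_chk\0", b"__strcpy_chk\0", b"__sprintf_chk\0")

def hardening_report(blob: bytes) -> dict:
    """Report which build-time mitigations an ELF64 LE image shows evidence of."""
    if len(blob) < EHDR.size or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if blob[4] != 2 or blob[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    fields = EHDR.unpack_from(blob)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    nx_stack = False  # no PT_GNU_STACK entry: treat the stack as possibly executable
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(blob):
            raise ValueError("truncated program header table")
        p_type, p_flags = PHDR.unpack_from(blob, off)[:2]
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {
        "nx_stack": nx_stack,
        # ET_DYN lets the loader randomise the image base (also set for shared objects).
        "pie": e_type == ET_DYN,
        # -fstack-protector emits calls to this handler on canary mismatch.
        "stack_protector": b"__stack_chk_fail\0" in blob,
        # Absence is not proof: the compiler only emits *_chk calls where it
        # could not prove the copy safe at compile time.
        "fortify_source": any(name in blob for name in FORTIFY_NAMES),
    }

def build_sample(e_type: int, stack_flags: int, names: bytes = b"") -> bytes:
    """Constructed image: file header, one PT_GNU_STACK entry, then symbol names."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + names

if __name__ == "__main__":
    hardened = build_sample(3, 0x6, b"__stack_chk_fail\0__memcpy_chk\0")  # PIE, RW stack
    legacy = build_sample(2, 0x7)                                         # ET_EXEC, RWX stack
    print("hardened:", hardening_report(hardened))
    print("legacy:  ", hardening_report(legacy))
```

A report with every field false means none of the listed protections are visible in that binary, regardless of what the distribution's toolchain defaults are.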