It would be much more productive to create some sort of stupid-code
detector so we can know where to fix things. For example, hacking gcc to
offer warnings on any reference to 'auto' storage by I/O or ASCIZ string
functions, similar to that warning that ld throws when you use gets().
( I know that the nonexecutable stack patch has been shot down many times
as a security measure, but it *would* be a decent stupid-code detector
when combined with an exploit attempt. Knowing that program X attempted
to aid and abet a burglar is better than expecting someone to comb through
every line of code on the 'net on the chance that holes will be found.
The burglars already do the latter, so why not put them to work detecting
bugs for us? :-} )
-- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu Make a good day.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Aug 31 2001 - 21:00:17 EST