[Simh] Simh on Windows - long startup delays and long shutdown delays

Davis Johnson davis at frizzen.com
Sun Dec 16 20:11:48 EST 2007 

Andreas Davour wrote:

>On Sun, 16 Dec 2007, dave porter wrote:
>
>  
>
>>>Then a couple of days ago I ran across a comment on the microsoft site that
>>>the
>>>fopen instruction had been deprecated - and that one should use the fopen_s
>>>instruction instead - unless one wanted to share the file...
>>>      
>>>
>>Forget it. Microsoft thinks you shouldn't use that function, but that
>>doesn't mean you shouldn't use the function.
>>
>>MS has correctly observed that some C RTL functions (say, strcpy) are
>>unsafe in the hands of idiots. MS has therefore introduced functions
>>with better behaviour and thinks everyone should use those instead.
>>Sure, but you no longer have portable code. And there's no gain if
>>you weren't using the original function idiotically in the first place.
>>
>>Apparently, the 'security' angle of fopen_s is that if you feed
>>it incorrect arguments, it calls an invalid parameter handler rather
>>than immediately letting the MMU execption loose.
>>    
>>
>
>I wouldn't say it is such a bad idea after all. The intention with this 
>is obvious, MS lock in. But, considering the track record we have with 
>buffer overflow errors and the like I think the idea is a great one and 
>long over due. It should have been done with the last C standard, and 
>not as a way by MS to force lock in, though.
>
>If we should start calling people idiots we migth never stop, but I then 
>point the finger towards Richie. Whatever you might think, Dave, C *has* 
>a security problem.
>
>/Andreas
>
While it doesn't matter much what I think on the subject, I think:

    * There are flaws in the C RTL spec. Don't get me started on
      additional signals not being queued while a signal handler is
      executing. fopen() probably doesn't allow for passing enough
      information between the program and the underlying environment. I
      can't really get too worked up about the shared access issue,
      however. If you are in an environment where misbehaving programs
      running in the same user context are a problem you've already lost
      the security battle.
    * Microsoft probably has little motivation to maintain source-level
      compatibility with competing systems. Some would say that they
      have a motivation to actively break source compatibility. I'm not
      so sure. Maintaining compatibility requires effort.
      Incompatibility can result just as easily from lack of trying as
      from trying to be incompatibility.
    * Microsoft made design choices in their implementation of the
      standard C RTL. Some of these seem to have unfortunate performance
      consequences for SIMH in some circumstances. Some of these may
      have security consequences, I really don't know. In any event
      Microsoft has decided to mitigate these consequences with a
      non-standard API, rather than correcting the problems with the
      standard API.

Given all that, which we can't do anything about, we should concentrate 
on what we can do something about. I'll go back to saying that if using 
the non-standard API provides sufficient benefits for Windows users than 
a little conditional compilation or two versions of a small module are  
a reasonable course to take.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.trailing-edge.com/pipermail/simh/attachments/20071216/1f8c8382/attachment-0002.html>

More information about the Simh mailing list