[Simh] Simh on Windows - long startup delays and long shutdown delays

Villy Madsen Villy.Madsen at shaw.ca
Sun Dec 16 18:12:13 EST 2007


I read a nice little article recently.  It talked about Security on Multics.
It mentioned that the O/S had been written in PL/I

It also suggested that it was very hard to program a situation in PL/I that
would ALLOW a buffer overflow
and that it was very hard to program a situation in C that would PREVENT a
buffer overflow...

I do use C - mostly to hack SimH and microcontrollers...
I feel much much more secure programming in Pascal (Delphi) or Fortran.  At
least they don't assume that I know what
I am doing <G>

Villy


-----Original Message-----
From: simh-bounces at trailing-edge.com [mailto:simh-bounces at trailing-edge.com] On
Behalf Of Andreas Davour
Sent: Sunday, December 16, 2007 15:26
To: dave porter
Cc: simh at trailing-edge.com
Subject: Re: [Simh] Simh on Windows - long startup delays and long shutdown
delays

On Sun, 16 Dec 2007, dave porter wrote:

>> Then a couple of days ago I ran across a comment on the microsoft 
>> site that the fopen instruction had been deprecated - and that one 
>> should use the fopen_s instruction instead - unless one wanted to 
>> share the file...
>
> Forget it. Microsoft thinks you shouldn't use that function, but that 
> doesn't mean you shouldn't use the function.
>
> MS has correctly observed that some C RTL functions (say, strcpy) are 
> unsafe in the hands of idiots. MS has therefore introduced functions 
> with better behaviour and thinks everyone should use those instead.
> Sure, but you no longer have portable code. And there's no gain if you 
> weren't using the original function idiotically in the first place.
>
> Apparently, the 'security' angle of fopen_s is that if you feed it 
> incorrect arguments, it calls an invalid parameter handler rather than 
> immediately letting the MMU execption loose.

I wouldn't say it is such a bad idea after all. The intention with this is
obvious, MS lock in. But, considering the track record we have with buffer
overflow errors and the like I think the idea is a great one and long over due.
It should have been done with the last C standard, and not as a way by MS to
force lock in, though.

If we should start calling people idiots we migth never stop, but I then point
the finger towards Richie. Whatever you might think, Dave, C *has* a security
problem.

/Andreas



--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
_______________________________________________
Simh mailing list
Simh at trailing-edge.com
http://mailman.trailing-edge.com/mailman/listinfo/simh





More information about the Simh mailing list