Vadim Antonov wrote:
On Thu, 31 Jul 2003, Petri Helenius wrote:
What we need is a new programming paradigm, capable of actually producing secure (and, yes, reliable) software. C and its progeny (and the "program now, test never" lifestyle) must go. I'm afraid it'll take laws which would actually make software makers pay for bugs and security vulnerabilities in shipped code to make such a paradigm shift a reality.
Blaming the tools for the mistakes programmers make is like saying "guns kill people" when the truth is that people kill people with guns.
Yep, it is people who choose tools and methods which produce code which is guaranteed to be unreliable and insecure - simply because those tools allow one to be lazy and cobble things together fast without much design or planning.
There is nothing in C which guarantees that code will be unreliable or insecure. C has the advantage of power and flexibility. It does no hand holding, so any idiot coder claiming to be a programmer can slap together code poorly. This is the fault of the programmer, and not the language. The syntax for C is just fine, and since any language is nothing more than syntax, C is a workable language. There are libraries out there for handling arrays with sanity checks. The fact that people don't use them is their own fault. For that matter, one can easily write their own. I don't know how many times I have gotten a vacant expression when mentioning the word flowchart, which is nothing more than the visual form of what any programmer should have going through their head (and on paper if they really want to limit mistakes). What I'd give to see a detailed flowchart for sendmail. I'd hang it on my walls (as I'm sure it'd take more than one). <snip>
A real programmer can write a FORTRAN program in any language. The problem is that even the best programmers make mistakes. Many of those mistakes (particularly security-related ones, such as not checking for buffer overflows) can be virtually eliminated by the right tools.
Write a small program in C and then write it in Perl. Have the program open a 1.4G syslog file and run a tight loop reading in one line at a time, scanning for sendmail log entries, parsing the line, and writing out to a file the datetime, envelope_from, nrcpts, msgid. Your program is halfway to actually being useful for something. But that should be far enough. Time both programs. For what it's worth, sorry Perl took so long. If a programmer can write a process in any language, then naturally the programmer should choose the language which provides the most flexibility, performance, and diversity; or the right tool. -Jack
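The parsing step Jack describes, written as an added example that is not part of the thread: a C parser for sendmail "from=" syslog entries that extracts datetime, envelope_from, nrcpts and msgid, with every copy length-checked so an oversized field is rejected instead of overflowing a buffer (the kind of check Vadim wants the tools to enforce). The syslog layout, field names and sample line are assumptions constructed for the example.

```c
/* Added example, not from the thread: bounds-checked C parser for the sendmail
 * "from=" syslog entries Jack describes. Assumed layout:
 * "Mon DD HH:MM:SS host sendmail[pid]: qid: from=<..>, ..., nrcpts=N, msgid=<..>". */
#include <stdlib.h>
#include <string.h>

struct mail_rec {
    char datetime[16];       /* "Jul 31 12:34:56" */
    char envelope_from[256];
    char msgid[256];
    long nrcpts;
};

static const char SAMPLE_LINE[] =  /* constructed sample, not a real log */
    "Jul 31 12:34:56 mx1 sendmail[4242]: h6VJYuAB004242: from=<alice@example.com>, "
    "size=1532, class=0, nrcpts=2, msgid=<20030731123456.GA4242@example.com>, proto=ESMTP";

/* Copy [start, end) into dst only if it fits; reject rather than overflow. */
static int copy_bounded(char *dst, size_t dstlen, const char *start, const char *end)
{
    size_t n = (size_t)(end - start);
    if (end < start || n >= dstlen)
        return 0;
    memcpy(dst, start, n);
    dst[n] = '\0';
    return 1;
}

/* Locate key in line and copy its value up to the closing '>'. */
static int copy_field(const char *line, const char *key, char *dst, size_t dstlen)
{
    const char *p = strstr(line, key);
    if (p == NULL)
        return 0;
    p += strlen(key);
    const char *end = strchr(p, '>');
    return end != NULL && copy_bounded(dst, dstlen, p, end);
}

/* Returns 1 and fills *out for a sendmail "from=" entry, 0 for anything else. */
int parse_sendmail_from(const char *line, struct mail_rec *out)
{
    const char *p = strstr(line, "nrcpts=");
    if (strlen(line) < 16 || strstr(line, " sendmail[") == NULL || p == NULL)
        return 0;
    out->nrcpts = strtol(p + 7, NULL, 10);
    return copy_bounded(out->datetime, sizeof out->datetime, line, line + 15)
        && copy_field(line, "from=<", out->envelope_from, sizeof out->envelope_from)
        && copy_field(line, "msgid=<", out->msgid, sizeof out->msgid);
}
```

Feed each line of the syslog file to parse_sendmail_from and write the four fields of every record it accepts; lines from other daemons, and malformed or oversized fields, are skipped with a zero return.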