From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-ArrivalTime: 2001-08-01 13:15:32 PST Path: archiver1.google.com!news2.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!howland.erols.net!newsfeed.fast.net!uunet!dca.uu.net!ash.uu.net!nntphub.cb.lucent.com!news.research.bell-labs.com!news From: Matthias Blume Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: Wed, 01 Aug 2001 15:58:01 -0400 Organization: Lucent Technologies, Bell Labs Message-ID: <3B685F49.839B18D1@research.bell-labs.com> References: <3B672322.B5EA1B66@home.com> <9k9ilv$jds$1@farviolet.com> NNTP-Posting-Host: blume-pcmh.research.bell-labs.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19-6.2.7 i686) X-Accept-Language: en, de, ja Xref: archiver1.google.com comp.lang.ada:10980 comp.lang.c:71369 comp.lang.c++:79146 comp.lang.functional:7098 Date: 2001-08-01T15:58:01-04:00 List-Id: Lawrence Foard wrote: > > In article , > Daniel Fischer wrote: > >> The buffer overflow occurs because of an old and well known bug in the C > >> libraries. > > What does this have to do with C++? Any decent C++ programmer is using > std::string instead of char *. > > >> Using Ada or another modern language like Ocaml or Mozart could have > >> prevented this, thus stopping the worm before it infected the very first > >> IIS server. > > ~~~ > > Or use of the features of a modern language like C++. Why restrict yourself > to obscure academic languages when a freely available and widely used > language does what you need? Because some of those obscure academic languages do not suck so badly. > The irony is that this problem starts in CS departments where kids are still > taught to use 'char *' instead of a string class. The real irony is that the trouble is with CS departments where there is a choice between using 'char *' and 'std::string' because it means that kids at such departments are taught in C++. C++ has to be about the worst choice for a teaching language. Not to mention that real work gets done (and gets done well) in those obscure academic languages, too. They are hardly a "restriction". In fact, if you had ever given one of them a serious try, you might have found the experience liberating. Regards, Matthias PS: By the way, the root of the problem is not fully solved by std::string. Neither C nor C++ are "safe" languages and no amount of library hacking can make this fact completely go away. (Of course, Ada isn't safe either.)