This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behaviour in the security context


Richard Kenner wrote:
Oh, and teaching all of the programmers out there all the subtle nuances
of C and trying to get them to write proper code: good luck.  That
simply won't happen.

If people who write security-critical code in a programming language can't take time to learn the details of that language relevant to security issues (such as overflow handling), I think our society is in a great deal of trouble.

I find this attitude too facile. The fact is that C is rather defective
here in its handling of overflow, and that is a potential problem. By
aggressively capitalizing on the undefined aspect, gcc is a bit worrisome given this makes it hard to check for overflow.


Also please don't confuse "in a security context", which can arise
in all sorts of places (e.g. a mailer avoiding buffer overflow),
with "security-critical" which is a term-of-art getting into
common criteria etc.
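The difficulty described above, as an added example rather than code from anyone in this thread: the common post-hoc idiom `if (a + b < a)` only works if signed addition wraps, which the C standard does not promise, so a compiler is entitled to treat the test as always false. The two checks below decide overflow before the addition is performed (or via the compiler builtin), so no undefined behaviour is ever executed; the version guard and the sample values are assumptions of this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Portable check: decide whether a + b overflows WITHOUT computing a + b.
 * Unlike `if (a + b < a)`, this never relies on signed wraparound, so the
 * optimizer has no undefined behaviour to reason away. */
bool add_would_overflow(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;   /* would exceed INT_MAX */
    if (b < 0)
        return a < INT_MIN - b;   /* would go below INT_MIN */
    return false;                 /* adding zero cannot overflow */
}

/* Safe addition: stores the sum in *out and returns false on overflow.
 * Uses the builtin where it exists (assumed: GCC 5+ and clang), otherwise
 * the portable range check above. */
bool checked_add(int a, int b, int *out)
{
#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)
    return !__builtin_add_overflow(a, b, out);
#else
    if (add_would_overflow(a, b))
        return false;
    *out = a + b;
    return true;
#endif
}

int main(void)
{
    /* Constructed sample inputs: a normal sum and two overflowing ones. */
    int sum;
    if (checked_add(100, 200, &sum))
        printf("100 + 200 = %d\n", sum);
    if (!checked_add(INT_MAX, 1, &sum))
        printf("INT_MAX + 1 rejected\n");
    if (!checked_add(INT_MIN, -1, &sum))
        printf("INT_MIN - 1 rejected\n");
    return 0;
}
```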

