[Announce] GnuPG 1.4 and 2.0 buffer overflow
Robert J. Hansen
rjh at sixdemonbag.org
Tue Nov 28 09:32:27 CET 2006
Werner Koch wrote:
> If you want protection against buffer overflow, audit the code and
> use an OS which traps execution of code at arbitrary addresses.
A different approach would be to use a language in which buffer
overflows are simply not possible. Ada95 is an example of a language
which compiles to fast native code and has robust protections against
buffer overflow.
Following this thread further would probably go very much off-topic for
gnupg-devel, but the contrary view--that C is simply the wrong language
to use for security-critical software--should at least be mentioned, I
think.
(Note: Ada95 is used as an example. I'm not actually suggesting GnuPG
should be, or should have been, written in it.)
More information about the Gnupg-devel
mailing list