[Announce] GnuPG 1.4 and 2.0 buffer overflow

Robert J. Hansen rjh at sixdemonbag.org
Tue Nov 28 09:56:31 CET 2006


Werner Koch wrote:
> Unless you disable them which is often done for performance reasons
> ;-).

Bjarne Stroustrup once characterized this as "wearing your life jacket
while your boat is close to shore, but throwing it overboard once you
start to cross the ocean".

While I agree it's often done for performance reasons, I think it's an
open question as to whether it should be done.  Ninety percent of the
time when coders talk about 'performance reasons', what we really mean
is 'we haven't profiled the code yet, so here are our wild guesses as to
what will work'.

If the code's been profiled, array access is a bottleneck, and you can
give strong promises that the array access will not go out of bounds,
then fine, disable array checks.  Otherwise, it seems premature.

> We can't change the implementation language: It is too much work and
> there are not enough developers available which are up to Ada.

Right.  As I said, I used Ada95 as an example--not because I thought it
was reasonable or practical for GnuPG to use it.

> C is used everywhere and before you start to change all applications
> you need to change the underlying infrastructure.  That huge and
> constantly changing Linux kernel needs to be targeted too.

Yep.  But I sincerely think that if we were to start migrating away from
C except for those applications where C is absolutely necessary, it
would do leaps and bounds for software reliability.
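As an added illustration of the bounds-check point argued above, here is a small C example written for this page (it is not GnuPG code and not anything posted by Robert or Werner). It shows the same copy twice: once trusting a length byte from the input, the pattern a language with runtime checks would catch for you, and once with the checks written out by hand. The record format (one length byte followed by the payload), the buffer size, and the function names are constructed stand-ins for illustration, not any real OpenPGP packet or GnuPG routine.

```c
/* Added example, not GnuPG code. A length-prefixed record is copied into a
 * fixed buffer, first without a bounds check, then with one. The record
 * format (1-byte length, then payload) is constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BUF_CAP 16   /* hypothetical fixed destination size */

/* Unchecked: trusts the length byte in the input. If that byte exceeds the
 * destination size, memcpy writes past 'out'. This is the C analogue of
 * running with array checks disabled; never use it on untrusted data. */
size_t copy_record_unchecked(uint8_t *out, const uint8_t *in)
{
    size_t len = in[0];
    memcpy(out, in + 1, len);
    return len;
}

/* Checked: validates the claimed length against both the remaining input
 * and the destination capacity before touching memory. Returns 0 on success
 * and -1 on a malformed record (an error code rather than an exception, but
 * the same check an Ada runtime would perform on the array index). */
int copy_record_checked(uint8_t *out, size_t out_cap,
                        const uint8_t *in, size_t in_len, size_t *copied)
{
    if (in == NULL || out == NULL || in_len < 1)
        return -1;                 /* no length byte present at all */
    size_t len = in[0];
    if (len > in_len - 1)
        return -1;                 /* length claims more bytes than we have */
    if (len > out_cap)
        return -1;                 /* would overflow the destination */
    memcpy(out, in + 1, len);
    if (copied)
        *copied = len;
    return 0;
}

/* Parse one record into a stack buffer of BUF_CAP bytes.
 * Returns the number of payload bytes copied, or -1 if the record is bad. */
int demo_parse(const uint8_t *in, size_t in_len)
{
    uint8_t buf[BUF_CAP];
    size_t n = 0;
    if (copy_record_checked(buf, sizeof buf, in, in_len, &n) != 0)
        return -1;
    return (int)n;
}

/* Constructed sample inputs. */
const uint8_t SAMPLE_GOOD[]      = {3, 'a', 'b', 'c'};   /* claims 3, has 3 */
const uint8_t SAMPLE_TRUNCATED[] = {10, 'a', 'b'};       /* claims 10, has 2 */
const uint8_t SAMPLE_HUGE[1 + 200] = {200};              /* 200 > BUF_CAP */

int main(void)
{
    printf("good:      %d\n", demo_parse(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("truncated: %d\n", demo_parse(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("huge:      %d\n", demo_parse(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    return 0;
}
```

The checked version costs two integer comparisons per record, which is the kind of overhead the discussion is about; whether it is measurable is exactly what profiling should decide before anyone removes it. For code that still relies on the unchecked pattern, building with `-fsanitize=address` gives a runtime check roughly equivalent to leaving the language's array checks on, at least during testing.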
