OpenBSD Journal

Safer C Coding

Contributed by jose on from the more-robust-code dept.

A recent thread on secure programming idioms on the secprog list (hosted by SecurityFocus) raises a lot of good questions people here often have, chiefly: "how can we more easily write more secure and robust code?"

The Berkeley project on CIL, a C intermediate language, looks very useful. One project built on it, CCured, inserts checks into C code to improve type safety and buffer protection.
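As an added illustration (not code from CIL or CCured), this is the hand-written equivalent of the kind of check CCured inserts: a pointer carried together with its length, checked on every copy and read. The `bbuf` type and the `copy_checked`, `bbuf_get` and `demo_checks` functions are hypothetical names, and the input data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bounded buffer: a pointer carried with its length, so each
 * access can be checked. CCured adds such checks automatically; here they
 * are written by hand to show what the instrumented code must enforce. */
typedef struct {
    uint8_t *base;
    size_t   len;
} bbuf;

/* Plain C idiom: nothing relates n to the destination's real size. */
void copy_unchecked(uint8_t *dst, const uint8_t *src, size_t n)
{
    memcpy(dst, src, n);            /* silently overruns dst when n is too big */
}

/* Checked form: refuse the copy rather than overflow; returns -1 if refused. */
int copy_checked(bbuf dst, const uint8_t *src, size_t n)
{
    if (n > dst.len)
        return -1;
    memcpy(dst.base, src, n);
    return 0;
}

/* Checked read: returns the byte, or -1 for an out-of-range index. */
int bbuf_get(bbuf b, size_t i)
{
    if (i >= b.len)
        return -1;
    return b.base[i];
}

/* Exercises the checked functions on constructed data; returns 0 when every
 * check behaves as expected, otherwise the number of the failing step. */
int demo_checks(void)
{
    uint8_t storage[8] = {0};
    uint8_t src[16];
    bbuf b = { storage, sizeof storage };
    memset(src, 0x41, sizeof src);                        /* constructed input */
    if (copy_checked(b, src, sizeof src) != -1) return 1; /* 16 > 8: refused */
    if (storage[0] != 0)                        return 2; /* nothing written */
    if (copy_checked(b, src, 8) != 0)           return 3; /* fits exactly */
    if (bbuf_get(b, 7) != 0x41)                 return 4; /* last valid byte */
    if (bbuf_get(b, 8) != -1)                   return 5; /* one past the end */
    return 0;
}
```

The unchecked copy is kept only for contrast and is never called; the checked versions turn what would be a silent overrun into an error return the caller must handle.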

An additional project is Cyclone, a type-safe "C dialect". It isn't C, but it is darned close, and would require a massive rewrite of a lot of code to build properly. Plus it's i386 only (an OpenBSD port is in the works).

Lastly, there was a proposal to add ProPolice support to the GCC 3.2 port, but it apparently failed on several technical grounds. ProPolice is a set of additions to GCC that protect the stack from smashing. (Note that OpenBSD 3.2 ships with stack protection enabled on all platforms, and heap protection on several.)

While OpenBSD certainly won't move entirely to a solution like this, there are a growing number of options for the low-level code that has to interface with hardware and cannot be written at an interpreted level.



Comments
  1. By pravus

    /me dons his sarcasmobestos suit...

    why doesn't everyone just use Java?

  2. By Dom De Vitto (dom@devitto.com)

    1) Because it's not C, which people know.
    2) Because Java isn't as mature as C (or C++).
    3) Because Java isn't just a different language, it has totally different idioms.
    4) Because anyway a bad programmer can write in any language, as can a good one.

    I should know, I moderate comp.lang.c++.moderated....

    Dom
    PS. People who know think Perl or Python are better C replacements.

  3. By Nils Kassube (lists@kassube.de)

    It's so sad that I have to laugh. There are a zillion languages more secure and more productive than C. Why spend time fixing buffer overflows when you can avoid them completely by using a decent language?
