Gosling Claims Huge Security Hole in .NET

renai42 writes "Java creator James Gosling this week called Microsoft's decision to support C and C++ in the common language runtime in .NET one of the 'biggest and most offensive mistakes that they could have made.' Gosling further commented that by including the two languages into Microsoft's software development platform, the company 'has left open a security hole large enough to drive many, many large trucks through.'" Note that this isn't a particular vulnerability, just a system of typing that makes it easy to introduce vulnerabilities, which last time I checked, all C programmers deal with.

Re:Advertisement?

[andalay]

"Damn, husband is going to beat me again. This time I'm going to kill him." < cocks rifle> "What the fuck? Rabbit season! Duck season! Rabbit season!" "Like this honey" "Thank you, you can now hunt deer"

Re:Phew!

[andreyw]

Hello world is pathetically easy to write in assembly.

IA-32 w/ Linux.
-------------- .data # section declaration

msg: .ascii "Hello, world!\n" # our dear string
len = . - msg # length of our dear string .text # section declaration

# we must export the entry point to the ELF linker or .global _start # loader. They conventionally recognize _start as their
# entry point. Use ld -e foo to override the default.

_start:

# write our string to stdout

movl $len,%edx # third argument: message length
movl $msg,%ecx # second argument: pointer to message to write
movl $1,%ebx # first argument: file handle (stdout)
movl $4,%eax # system call number (sys_write)
int $0x80 # call kernel

# and exit

movl $0,%ebx # first argument: exit code
movl $1,%eax # system call number (sys_exit)
int $0x80 # call kernel

Misplaced comma

[northcat]

just a system of typing that makes it easy to introduce vulnerabilities, which last time I checked, all C programmers deal with.

The comma should be after "which", not after "vulnerabilities".