The reason you couldn't find a reference to back you up is because as edhall pointed out sizeof(void*) is not guaranteed to be sizeof(int). For example on an Alpha machine:
sizeof(int) = 4
sizeof(unsigned) = 4
sizeof(long) = 8
sizeof(void*) = 8
You will notice the plain 'unsigned' there, that's the problem in snort. You really wouldn't want plain ints to be 64bit anyways for performance reasons. I wish you were right and they just used a typedef in their header files but they don't. For example snort for me crashes in the function:
static int otnx_match( unsigned id, int index, void * data)
{
...PMX *pmx = (PMX*)id;
RULE_NODE *rnNode = (RULE_NODE*)(pmx->RuleNode)
...
You will notice that id is just plain 'unsigned' no typedef. Then it is cast to a pointer, the pointer is then referenced and in my case the upper bits are important so snort crashes.
The main problem is the snort code is littered with tons of bad coding like this which just makes it prime to be exploited. Granted you minimize exploits by chroot and running it with non-root privileges (is that even currently possible with snort?), but it still makes it completely unusable on 64bit machines like Alphas.
I have an OpenBSD firewall on an Alpha Station 200, in which I tried to run snort. Well snort would crash shortly after startup. When I took a closer look it seems the crash was caused by trying to put pointers into int. I can't believe programmers in this day can't get sizeof(void*) != sizeof(int) on all machines.
Anyways I started to try to fix this but the problem was too widespread in the code that I ran out of time. Which makes me wonder if they make such a simple mistake so common what other bugs could be left in the code that might be exploited later on.
So until snort gets around to fixing these problems it's going to be hard for people to run it on 64bit machines. With the Athlon64 coming out this could really turn into a problem.
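The truncation described in the two posts above, as an added example that is not part of the original posts and is not snort's code. The struct layouts, `lost_bits`, `match_cb`, `roundtrip_sid` and the sample addresses are hypothetical and constructed for illustration; only the type names PMX and RULE_NODE and the callback shape come from the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two snort types named in the post. */
typedef struct { int sid; } RULE_NODE;
typedef struct { RULE_NODE *RuleNode; } PMX;

/* uintptr_t is the integer type meant to carry a void* and give it back. */
_Static_assert(sizeof(uintptr_t) >= sizeof(void *), "uintptr_t too narrow");

/* Models a 64-bit address squeezed through a plain 'unsigned' parameter:
 * returns the bits that do not survive the trip (0 means it survived). */
static uint64_t lost_bits(uint64_t addr)
{
    unsigned id = (unsigned)addr;        /* what the callee receives */
    return addr ^ (uint64_t)id;
}

/* Callback in the shape the post quotes, with the handle widened. */
static int match_cb(uintptr_t id, int index, void *data)
{
    PMX *pmx = (PMX *)id;                /* same cast, now lossless */
    RULE_NODE *rn = pmx->RuleNode;
    (void)index; (void)data;
    return rn->sid;
}

/* Round-trips a real pointer through the widened handle. */
static int roundtrip_sid(void)
{
    RULE_NODE rn = { 1000001 };          /* constructed sample rule id */
    PMX pmx = { &rn };
    return match_cb((uintptr_t)&pmx, 0, NULL);
}

int main(void)
{
    /* Constructed addresses: one above 4 GiB, one below. */
    printf("high: lost %#llx\n", (unsigned long long)lost_bits(0x000000011ffe4a30ULL));
    printf("low:  lost %#llx\n", (unsigned long long)lost_bits(0x0000000000404a30ULL));
    printf("sid via uintptr_t: %d\n", roundtrip_sid());
    return 0;
}
```

The low address survives the narrow handle, which is why code like this can run for years on 32-bit hosts and only fault once the allocator hands out addresses above 4 GiB.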
> Funny, how expressing "unpopular" views makes one heroic, while expressing "popular" views makes one vulgar.
I see absolutely nothing funny about it. The reason someone is considered to be heroic is because they do something that is considered to be right (at least to the one calling them heroic) but is very hard to do.
So, which is harder to do? Voicing the "unpopular" opinion you believe in or voicing the "popular" opinion which you believe in? I don't know about you but I like having the company of people so I would definitely have to say voicing my "unpopular" opinions would definitely have to be the harder thing to do.
Now, I see the reason as expressing the "popular" opinion as vulgar is probably because it's the "popular" opinion which means just about all of us have heard it. I don't know about you but I hate hearing things over and over again like a broken record.
> If you have an unpopular opinion, WHY is it wrong for the majority to voice their opinion back???
Don't you think the majority can handle better the opinions of one man than the one man can handle the opinions of a few hundred+ people "blasting" their opinions at him/her?
> I've seen crappy code written by people without degrees and people with PhDs.
There is one difference between the two, people without degrees usually don't realize they are writing crappy code. The people with PhDs know they are writing crappy code but they just don't give a damn :)
69 gigabytes? I can definitely see why the marketing people might want to change it :)