Important utilities like ssh should not be written in unsafe languages like C or C++ that allow buffer overflows. Otherwise, this class of problem is never going to go away, because developers aren't perfect. And, because people don't want to be bothered about updates, in present-day reality Unix is highly insecure.
Absolutely agree. It's insane that safer languages aren't used for a majority of OS-level tools. Security is certainly being sacrificed to the altar of performance (even if the performance in practice would be acceptable).
Anyone who believes that better programming practices can address this sufficiently is sticking his head in the sand.
The depressingly long series of Linux patches (which by the way is impossible for a non-sysadmin to keep up with, rendering Linux an effectively insecure OS) is empirical proof of this.