Re: "random" number seeds vs. Netscape
>
> Nor is there anything inherently wrong with having sex without the use
> of a condom.
YES! Safe exec! Use software protection;) (Can you tell that when I read
this I was LOL!?)
>
> However, it is very difficult -- VERY DIFFICULT -- to prove to
> yourself that there is never an instance in which your system() or
> popen() can be abused.
Well...you can tell by looking, certainly that's not true when you need
a condom;)
> In any case, I find it's often more prudent just
> to strip all these things out of my code. If you don't use them, you
> don't have to prove they are done properly. Paranoia is your
> friend. No one can ever break you for doing something you don't do.
That's true, I have to admit that I usually don't use them either. Once
you know how they're coded up, and how little code is actually used, it
seems silly anyway to call a popen or system and suffer the overhead of
the function calls and the loss of control.
>
> > The problem arises when you use information given to you from
> > outside as the argument to popen or system without checking it.
>
> Yup, but often, you'd be surprised what turns out to be outside data.
You're singing to the choir. Sigh, Eric Allman's been several times
surprised about what turned out to be outside data.
>
> In any case, you obviously also understand why this is bad, but I hope
> that people out there understand -- always make sure that you are
> double extra careful about the use of such calls.
Thanks:)
Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| [email protected] 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/
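
The alternative to system() and popen() that the message refers to, sketched as an added example that is not part of the original post or anyone's production code: fork, wire a pipe to the child's stdout, and exec a fixed path with an argument vector, so no shell ever parses the outside data. The names run_capture and demo, the /bin/echo path and the sample input are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `path` with `argv`: no shell, no PATH search, empty environment.
 * Copies up to cap-1 bytes of the child's stdout into `out`.
 * Returns the child's exit status, or -1 on failure or abnormal exit. */
int run_capture(const char *path, char *const argv[], char *out, size_t cap)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    char *const envp[] = { NULL };  /* child inherits no environment */

    if (cap == 0 || pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: stdout -> pipe, then exec */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        execve(path, argv, envp);
        _exit(127);                 /* only reached if exec failed */
    }
    close(fds[1]);                  /* parent: read until EOF or buffer full */
    while (used < cap - 1 &&
           (n = read(fds[0], out + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed outside data: a shell would treat ';', '$(...)' and '|' as
 * syntax; passed through execve() they are plain bytes in one argument. */
int demo(char *out, size_t cap)
{
    char *const argv[] = { "echo", "x; id $(uname) | cat", NULL };
    return run_capture("/bin/echo", argv, out, cap);
}
```

The outside data still has to be checked for whatever the executed program itself interprets (leading dashes, path names); removing the shell only removes the shell's own parsing.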