[OffTopic] A vulnerability postmortem on Network Security Services
pjmlp at progtools.org
Thu Dec 2 13:08:30 UTC 2021
On Thursday, 2 December 2021 at 11:44:28 UTC, IGotD- wrote:
> On Thursday, 2 December 2021 at 11:27:01 UTC, H. S. Teoh wrote:
>> Another nail in the coffin of C. Still many more nails to go,
>> but the inevitable draws ever nearer.
> Would it be impossible to add bounds checking in C?
> It's been over 4 decades and it seems like there is some
> profound resistance to add this.
Yes, mostly due to culture, all major C compilers have extensions
and secure libraries.
Red-Hat and Android make use of FORTIFY_SOURCE among other
features, for example,
Oracle has given up almost a decade ago, that is why Solaris on
SPARC is basically a C Machine, thanks ADI.
While Intel has borked their MPX implementation, ARM also got
into the C Machine concept, which is being adopted across mobile
So eventually hardware memory tagging will take care of killing
processes that don't behave, and we will have C Machines with
memory tagging, because the powers that could fix the language
don't want to (ISO C, WG 14).
More information about the Digitalmars-d