Old GNU command line utilities are highly vulnerable

Discussion in 'all things UNIX' started by Gullible Jones, Dec 9, 2014.

  1. Gullible Jones

    http://seclists.org/oss-sec/2014/q4/769

    In retrospect, this should not be surprising, but I certainly never thought of it before.

    My thoughts, now that it's on the table:

    1. The price of backwards compatibility seems to include vulnerability, as on Windows.
    2. This might be a good reason to use scripting languages like Python etc. for CLI utilities...
    3. Or at least languages like (pure) C++ that have safer standard string implementations than C.
    4. In the long run, I suspect this will lead to friendlier rewrites of old UNIX utilities, which would be a Good Thing.
     