Buffer
Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Language tools –
Languages less susceptible to buffer overflows
Languages less susceptible to buffer overflows
Examples: Ada, Java, Perl,
Python, etc.
Pros:
–Automatic bounds checking makes them less susceptible to
the buffer overflow problem
–Exception
handling can greatly ameliorate the problem
Cons:
–Using different languages can increase development
cost
–None of these languages give the programmer access to the
machine at a low level
–None of these languages give you the performance of C/C++, most require distributable run-time environments
–C/C++ are popular languages that many programmers are
familiar with
–What happens when a string that is too long is entered or
an array is referenced out of bounds, is an
exception generated, does the buffer grow, does the program just halt, is the user asked to provide different input?
–Programmer still must be aware of buffer overflows to
provide exception handlers to do what they want
(Exception handling comes with its own set of problems)