Re^3: Is this actually possible?

I've heard of assuming user input is tainted as a good programming practice, but assuming executables on the web server are tainted is a little ridiculous.

If you're afraid of a bug in gcc, then you'd have to assume that Apache and Perl itself are equally unsafe.

Comment on Re^3: Is this actually possible?

Replies are listed 'Best First'.
Re^4: Is this actually possible? by Fletch (Bishop) on Oct 23, 2005 at 23:28 UTC
No, I'm more trusting of those two precisely because they are used often in an unsafe environment and both have been gone over by people looking for problems to that end (and are under scrutiny for such problems going forward). I know of no such efforts being made on `gcc` since it's not in general use processing arbitrary user input, hence I'm substantially less sure of what it might do for malicious input.	[reply]

Replies are listed 'Best First'.

Re^4: Is this actually possible?
by Fletch (Bishop) on Oct 23, 2005 at 23:28 UTC

No, I'm more trusting of those two precisely because they are used often in an unsafe environment and both have been gone over by people looking for problems to that end (and are under scrutiny for such problems going forward). I know of no such efforts being made on gcc since it's not in general use processing arbitrary user input, hence I'm substantially less sure of what it might do for malicious input.

[reply]