1995-09-22 - Re: “random” number seeds vs. Netscape

Header Data

From: patrick@Verity.COM (Patrick Horgan)
To: perry@piermont.com
Message Hash: 0080f3bbc5ce1f271e086f4a2a323f1599f982e4e8b9d50aa1eff0e58766817b
Message ID: <9509221532.AA19315@cantina.verity.com>
Reply To: N/A
UTC Datetime: 1995-09-22 15:35:52 UTC
Raw Date: Fri, 22 Sep 95 08:35:52 PDT

Raw message

From: patrick@Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 08:35:52 PDT
To: perry@piermont.com
Subject: Re: "random" number seeds vs. Netscape
Message-ID: <9509221532.AA19315@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Nor is there anything inherently wrong with having sex without the use
> of a condom.

YES!  Safe exec!  Use software protection;)  (Can you tell that when I read
this I was LOL!?)

> 
> However, it is very difficult -- VERY DIFFICULT -- to prove to
> yourself that there is never an instance in which your system() or
> popen() can be abused.

Well...you can tell by looking, certainly that's not true when you need
a condom;)

>                         In any case, I find it's often more prudent just
> to strip all these things out of my code. If you don't use them, you
> don't have to prove they are done properly. Paranoia is your
> friend. No one can ever break you for doing something you don't do.

That's true, I have to admit that I usually don't use them either.  Once
you know how they're coded up, and how little code is actually used, it
seems silly anyway to call a popen or system and suffer the overhead of
the function calls and the loss of control.

> 
> > The problem arises when you use information given to you from
> > outside as the argument to popen or system without checking it.
> 
> Yup, but often, you'd be surprised what turns out to be outside data.

You're singing to the choir.  Sigh, Eric Allman's been several times
surprised about what turned out to be outside data.

> 
> In any case, you obviously also understand why this is bad, but I hope
> that people out there understand -- always make sure that you are
> double extra careful about the use of such calls.

Thanks:)

Patrick
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/




