:: Re: [DNG] Systemd Shims
Top Page
Delete this message
Reply to this message
Author: Edward Bartolo
Date:  
To: Hendrik Boom
CC: dng
Subject: Re: [DNG] Systemd Shims
I am not assuming anything and understand the risks of buffer
overflows. The first step I am taking is to make the code function.
The second step is further debug it until it behaves properly and the
third step is to correct any potential security issues. As anyone can
understand, projects, whatever they are, are not completed in one
step. Furthermore, debugging is a lengthy process and part of it is
removing potential security holes.

As to studying other languages, here, you are NOT talking to a youth
in his twenties or his teens, but to a 48 year old. Learning a new
language is a lengthy process and the ones I know are far more than
enough for what I do.

Devuan's team of developers is not in any way obliged to accept my
code. Any developer who may feel the need to harden the code is free
to do so.

Thanks

On 19/08/2015, Hendrik Boom <hendrik@???> wrote:
> On Wed, Aug 19, 2015 at 06:46:36PM +0200, Laurent Bercot wrote:
>> On 19/08/2015 15:29, Edward Bartolo wrote:
>> >This is the completed C backend with all functions tested to work. Any
>> >suggestions as to modifications are welcome.
>>
>> OK, someone has to be the bad guy. Let it be me.
>>
>> First, please note that what I'm saying is not meant to discourage you.
>> I appreciate your enthusiasm and willingness to contribute open source
>> software. What I'm saying is meant to make you realize that writing
>> secure software is difficult, especially in C/Unix, which is full of
>> pitfalls. As long as you're unfamiliar with the C/Unix API and all its
>> standard traps, I would advise you to refrain from writing code that
>> is going to be run as root; if you want to be operational right away
>> and contribute system software right now, it's probably easier to stick
>> to higher-level languages, such as Perl, Python, or whatever the FotM
>> interpreted language is at this time. It won't be as satisfying, and the
>> programs won't be as efficient, but it will be safer.
>
> Or try some of the less known, but compiled, efficient, strongly and
> securely type-checked languages such as Modula 3 or OCaml.
>
> -- hendrik
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>