by kbenson 2618 days ago
In a way, OpenBSD isn't really written in C. It's written in a special subset of C that uses some different, more secure core functions, and where any trade-off for performance instead of security is ruthlessly weeded out when reviewed by the people involved.

I'm of the opinion that using C and C++ for future major work where there's not good reasons forcing you to is more trouble than it's worth, but I wouldn't mind if it was all done with the care and attention the OpenBSD developers put into their projects.

3 comments

While I'm generally sold on the OpenBSD strategy of replacing mainstream daemons with stripped down secure versions, I don't think it is at all reasonable to suggest that OpenBSD's library idioms mean it's implemented in something other than C (nor would it be reasonable to say that about Dan Bernstein's software, which goes even further in this direction). It's still C, and it still has memory corruption vulnerabilities.

Sure. I just meant that since they adopt and enforce the usage of secure equivalents to some common functions (e.g. some string utilities), along with very strictly enforced rules about how code gets accepted, it's about the best we can expect in some situations. Not everyone is willing to consider using something other than C. I think the pragmatic approach is to point to C projects that have been largely successful in their security approach. If it causes them to adopt the onerous requirements for safe C, or to reevaluate their position, I count those both as positive outcomes.

As far as I have seen, every time a project uses C, they end up transforming it into some subset, and if you want to contribute, you must learn that C subset. It's almost like DSLs.

I think that’s expected, and cool, given that C is a general purpose language and very flexible.

It's C with better libraries and coding standards for security. A different dialect might be something like Cyclone, Cilk, MetaC, Frama-C, or ZL that change the language to help them achieve their goals.