by Someone1234
4123 days ago
The RMS Titanic sank, but the engineers made it much harder to sink than ocean liners which preceded it. C/C++ starts you in a position where it is extremely easy to write insecure code. Even a competent coder can produce insecure code in either language without a great deal of effort or stupidity on their part. Other languages aren't "unsinkable", to come back to the Titanic, but they make it harder to sink, and the requirements on the developer aren't as high. Just like with the Titanic, you have to hit the iceberg in a certain specific way to sink, rather than sinking from any old collision. Certain C/C++ compilers have definitely made the situation better when in "strict mode", as well as a lot of tooling to identify potential problem points. However, ultimately the language is plagued by "undefined behaviour" and a large code-base where developers are using various insecure tricks to save pennies (e.g. this exact exploit, where they are creating insecure code to save a single structure's worth of memory, which on an 8 GB stick of RAM is less than 1/2 of 1c worth (assuming $60/8 GB stick)).

It's worth mentioning that K&R, which used to be where people learned C, has a huge number of instances of very risky practices.