Mirsad Todorovac wrote:
I have recently studied several forms of viruses and security holes in software. Many if not 90% of recent exploits depend on holes introduced through buffer overruns, such as this C example:
printbuffer() { char buffer[100];
gets (buffer); /* oops!*/ fp = fopen("LPT1:", "w"); fputs (buffer, fp);}
Is Pascal and namely GNU Pascal safer re: buffer overruns? How much does runtime range checking help
See http://www.gnu-pascal.de/crystal/gpc/en/mail12961.html.
and to what extent can we depend on it?
The only thing you can depend on in programming is clear thinking. Don't trust anything that promises you automatic wonders.
Is it acceptable to write setuid root programs in GPC and what are the cautions?
From http://en.wikipedia.org/wiki/Setuid
"While the setuid feature is very useful in many cases, it can however pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Users can exploit vulnerabilities in flawed programs to gain permanent elevated privileges, or unintentionally execute a trojan horse program."
I think "carefully designed" is the keyword (and ask yourself if that applies to the C and C++ programming languages (...)).
Regards,
Adriaan van Os