Question
Buffer overflows seem to be one of the biggest causes of security vulnerabilities. I rarely program in C/C++ (only for certain coursework), so I may be missing something, but I don't understand why people continue to use data structures that allow overflows. Why don't all data structures throw an exception when full? Seems like this simple solution would greatly enhance software security.
Answer 1:
- Ignorance
A large percentage of programmers (in my perhaps unfairly negatively skewed view of the world) either don't understand security concerns at all or don't understand which data structures they use are vulnerable. A whole ton of programmers went through the 90s where everyone used gets() and even every C book out there encouraged it. Now, you'd be called crazy to use it. But not everyone received the memo!
- Laziness
Subcategories include "nobody will bother attacking my app", "it's just a prototype anyway", and "it's due next week, I'll fix it later"
- Difficulty (perceived or otherwise)
It's actually really difficult to write portable, correct, and secure C code. Almost any nontrivial project that isn't written with a really keen eye likely has bugs if not outright vulnerabilities. And in an unmanaged language like C, many bugs have the potential to be security issues.
It's also hard to make APIs that are both usable and secure "by design".
And for the final knife in the corpse, all of these issues affect all developers across the project. That includes any libraries you use, any libraries they use, all the way up to and including the operating system kernel you use. Any programmer who falls into any security trap along the way pretty much compromises the whole thing.
A lot of these problems get better with managed languages - at least you can't scribble over arbitrary memory, but different classes of security problems still exist.
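As an added illustration of the gets() point and of what "refuse when full" looks like in C (this is example code written for this page, not code from the question, the answer, or any project): the block below puts a gets()-style unchecked copy next to a small bounded buffer whose append and line-read operations fail with an error code instead of writing past the end. All names in it (bounded_buf, bb_append, bb_readline, unchecked_copy, the struct login demo) are this example's own, and the input text and overflow demonstration in main() are constructed for it.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A fixed-capacity character buffer that refuses to overflow: the C analogue
 * of the "throw an exception when full" behaviour the question asks about.
 * All identifiers here are this example's own (not a real library API). */
typedef struct {
    char  *data;
    size_t cap;   /* bytes allocated, including the slot for the NUL terminator */
    size_t len;   /* bytes in use, not counting the NUL */
} bounded_buf;

int bb_init(bounded_buf *b, size_t cap) {
    if (cap == 0) { errno = EINVAL; return -1; }
    b->data = malloc(cap);
    if (b->data == NULL) return -1;
    b->data[0] = '\0';
    b->cap = cap;
    b->len = 0;
    return 0;
}

void bb_free(bounded_buf *b) { free(b->data); b->data = NULL; b->cap = b->len = 0; }

/* Append n bytes. On insufficient room it returns -1 with errno = ENOSPC and
 * leaves the buffer untouched; it never writes past data[cap-1]. */
int bb_append(bounded_buf *b, const char *src, size_t n) {
    if (n > b->cap - 1 - b->len) { errno = ENOSPC; return -1; }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Read one line like gets() used to, but bounded: at most cap-1 bytes are
 * stored, the newline is dropped, and an over-long line is reported through
 * *truncated (its remainder is drained so the next call starts on a fresh
 * line). Returns -1 only when nothing at all could be read (EOF). */
int bb_readline(bounded_buf *b, FILE *fp, int *truncated) {
    int c = EOF;
    *truncated = 0;
    b->len = 0;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (b->len + 1 >= b->cap) {            /* full: keep the NUL slot free */
            *truncated = 1;
            while ((c = fgetc(fp)) != EOF && c != '\n') { }
            break;
        }
        b->data[b->len++] = (char)c;
    }
    b->data[b->len] = '\0';
    if (c == EOF && b->len == 0 && !*truncated) return -1;
    return 0;
}

/* The pattern gets()/strcpy() embody: copy until the terminator, with no idea
 * how big dst is. Deliberately unsafe; kept here only for contrast. */
void unchecked_copy(char *dst, const char *src) {
    while ((*dst++ = *src++) != '\0') { }
}

int main(void) {
    /* Constructed demo of why the unchecked version matters: a name field
     * followed by a privilege flag. Ten bytes written into an 8-byte array
     * spill into is_admin. This is undefined behaviour and exists only to
     * show the failure mode; never do this in real code. */
    struct login { char name[8]; int is_admin; } u = { "", 0 };
    unchecked_copy(u.name, "aaaaaaaa\x01");
    printf("after unchecked_copy: name=%.8s is_admin=%d\n", u.name, u.is_admin);

    /* The bounded version fails loudly instead. */
    bounded_buf b;
    if (bb_init(&b, 8) != 0) return 1;
    printf("append \"hello\": %d\n", bb_append(&b, "hello", 5));     /* 0 */
    printf("append \"world\": %d (%s)\n", bb_append(&b, "world", 5),  /* -1 */
           strerror(errno));
    printf("buffer still: \"%s\"\n", b.data);
    bb_free(&b);
    return 0;
}
```

The contract that makes bb_append safe is that the caller passes the length it wants to write and the function checks it against the capacity it was told at init; the caller cannot "forget" the bound because there is no entry point that lacks one. That is the property gets() never had and fgets() only partly restores (fgets silently truncates rather than reporting it, which is why bb_readline carries an explicit truncated flag).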
Source: https://stackoverflow.com/questions/9917256/why-do-people-continue-to-use-data-structures-that-allow-overflows