[Info-vax] Calling standards, was: Re: Byte range locking - was Re: Oracle on VMS

Bill Gunshannon bill.gunshannon at gmail.com
Wed Nov 23 11:56:06 EST 2016


On 11/23/16 11:09 AM, Michael Moroney wrote:
> Bill Gunshannon <bill.gunshannon at gmail.com> writes:
>
>> On 11/23/16 4:06 AM, Johnny Billquist wrote:
>>> The C standard library use NUL-terminated strings, which (as we all
>>> know) have serious security problems, and god knows what else.
>
>> Why do people insist on perpetuating the notion that this is a C
>> security problem.  C merely continued a practice that predated it
>> probably to maintain compatability with earlier code.
>
>> The PDP-11 Macro Directive .PRINT takes a null terminated string
>> as its only argument.  I suspect the VAX had the same and it
>> probably still exists in MACRO but I don't have my manual handy to
>> verify that.
>
> PDP-11 had different ways to specify strings.
> .ASCIZ was a null-terminated string, while .ASCIC was a counted
> string.  .ASCID (descriptor) probably didn't exist on the PDP-11
> but on the VAX.  Of course .ASCII was just a string, presumably
> with a length specified elsewhere or assumed/known.

And the .PRINT directive took a string terminated with either a
NULL or 0200 which is NULL with the high order bit set.

>
> The VAX calling standard used descriptors for strings, not null
> terminated strings. Much more secure.

As I said, I don't have a manual handy.  I am aware that the VAX
had descriptors, but I would be extremely surprised if the .ASCIZ
and .PRINT weren't still there again, primarily for backwards
compatibility.

>
> Hackers abusing buffer overruns caused by null-terminated strings
> weren't an issue on PDP-11s.  These days, null-terminated strings
> as implemented by C are widely abused to compromise code.

Well, lets be honest in the days of the PDP-11 people weren't trying to
break into or break the security of systems.  That's a modern social
problem.  I can still remember a time when we didn't even need passwords
because people just respected other people's spaces.  Most of the
serious problems today are much more social than technological.

bill




More information about the Info-vax mailing list