[Info-vax] Whither VMS?
Bob Eager
rde42 at spamcop.net
Thu Oct 1 14:49:08 EDT 2009
On Thu, 01 Oct 2009 18:41:17 +0000, glen herrmannsfeldt wrote:
> John Wallace <johnwallace4 at yahoo.co.uk> wrote: (big snip)
>
>> In addition to the above (thank you for saving me pointing out that the
>> right answer late is sometimes unacceptable ie wrong), there seems to
>> be a class of security exploit which involves building a string with an
>> embedded null followed by data which isn't ignored because the string
>> length processing is different depending on who's doing it. E.g.
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
>>
>> .ASCIZ was OK for MACRO11 and similar static strings, but for dynamic
>> stuff, descriptors and support routines are hard to beat.
>
> So was DEC the originator of null terminated strings?
Well, OS/8 had them in the PAL assembler. That puts it before C and UNIX.
--
Use the BIG mirror service in the UK:
http://www.mirrorservice.org
More information about the Info-vax
mailing list