Schnee (schnee) wrote,

Cloudflare's little problem, and using C

A lot has been written already about Cloudflare's recent issue. The short version is that a bug in the HTML parser used by certain Cloudflare features led to the inadvertent exposure of potentially sensitive data: the parser read past the end of its buffer, and whatever happened to sit in memory beyond it ended up in HTTP responses. There's detailed background information here, straight from the horse's mouth; and if you believe the talking heads who suggest you will be Safe™ if and only if you change your password on all sites using Cloudflare, someone has taken it upon themselves to attempt to compile an extensive list.

I'm not gonna dwell on any of this. What's more interesting is the fact that this is, fundamentally, a buffer overrun. That's the sort of bug that silently reads or corrupts memory in C, whereas a memory-safe language would turn it into a bounds-check failure; predictably, this led to arguments between the respective proponents of the two, with the former crying "don't blame the tool, blame the user for not using it right" and the latter replying "a tool that is that difficult to use safely is still a bad tool".

The latter attitude is summed up quite well in this quote on LWN:

Let me say that more explicitly and emphatically: *C (and whoever selected C) is at fault*.

You want to get from point A to point B. You see people running a three-legged race from A to B, via an icy road, wearing one roller blade and one ice skate, while pair-juggling three chainsaws with exposed wires and no blade guards, powered by hypergolic rocket fuel and plutonium. You can't help but marvel at the skill required. When you observe one of the inevitable impromptu flaming-amputation-splenectomies, your first reaction shouldn't be to analyze the very last thing they did leading up to it and decide you can avoid making that mistake yourself. Nor should you interview the people who make it to the end and ask them for their detailed advice on safer techniques for maintaining a grip on the chainsaws while sliding through the turns. Nor should you seek out gloves that offer a better grip. *The biggest mistake is getting involved with that whole mess in the first place.*

That analogy is as appropriate as it is amusing. Of course it is perfectly possible to use C safely, but humans make mistakes, even smart ones, and mistakes may not be obvious (even after close, independent scrutiny by several experts), and they may be quite fatal. A good tool fails gracefully and safely, and C doesn't.

I've been saying for many years that C is basically an optimizing macro assembler with automatic register allocation. In other words, C is an assembly language. C offers the same amount of protection that assembly does – read: none –, and if you don't feel comfortable programming in assembly then you shouldn't program in C either. (In fact pure assembly is arguably less dangerous than C, because the lack of the usual higher-level facilities that C provides means that people won't be tempted to use assembly.)

And that's before you account for the C compiler actively and deliberately sabotaging your code: an optimizer is allowed to assume your program never invokes undefined behaviour, so a bounds or overflow check that is itself written in an undefined way (say, forming a pointer past the end of a buffer and then comparing it) may simply be deleted. (Here's another post mentioning the same thing.)
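To make the bug class concrete, here is a constructed example (mine, not Cloudflare's code, and not their parser): a scanner that pulls the value of the first src="..." attribute out of a length-delimited chunk of HTML, in a vulnerable form that only stops at the closing quote and in a hardened form that bounds every read and write. The chunk, the attribute name and the "secret" bytes that happen to follow the chunk in memory are all made up for the demonstration; the bounded search also shows the length-based check you want instead of a pointer comparison that would itself be undefined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Cloudflare's parser: extract the value of the
 * first src="..." attribute from a chunk of HTML that is NOT NUL-terminated
 * (as with data arriving off a socket), bounded by [chunk, chunk+len). */

enum { SRC_OK = 0, SRC_TOO_LONG = -1, SRC_TRUNCATED = -2, SRC_NOT_FOUND = -3 };

static const char SRC_TOKEN[] = "src=\"";
#define SRC_TOKEN_LEN (sizeof SRC_TOKEN - 1)

/* Bounded search for `tok` inside [p, end).  The remaining length is taken
 * as `end - p`, which is always valid while p <= end.  A check written as
 * `p + tok_len > end` would instead form a pointer beyond the object, which
 * is undefined behaviour, and an optimiser is entitled to delete it. */
static const char *find_token(const char *p, const char *end,
                              const char *tok, size_t tok_len)
{
    while ((size_t)(end - p) >= tok_len) {
        if (memcmp(p, tok, tok_len) == 0)
            return p;
        p++;
    }
    return NULL;
}

/* VULNERABLE: copies until it sees a closing quote.  Nothing ties the read
 * to the end of the chunk or the write to the size of `out`, so a chunk
 * that ends before the quote makes `p` walk into whatever memory follows
 * the chunk and copy it into the output.  Kept only for the demonstration. */
size_t copy_attr_unsafe(const char *p, char *out)
{
    size_t n = 0;
    while (*p != '"')
        out[n++] = *p++;
    out[n] = '\0';
    return n;
}

/* HARDENED: every read is checked against `end`, every write against
 * `out_cap`, and running out of input is reported rather than ignored. */
static int copy_attr_safe(const char *p, const char *end,
                          char *out, size_t out_cap, size_t *out_len)
{
    size_t n = 0;
    while (p < end && *p != '"') {
        if (n + 1 >= out_cap) {         /* keep room for the terminator */
            out[n] = '\0';
            *out_len = n;
            return SRC_TOO_LONG;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    *out_len = n;
    return p < end ? SRC_OK : SRC_TRUNCATED;
}

/* Entry point: first src attribute value in `chunk`, status code as result. */
int extract_src(const char *chunk, size_t chunk_len,
                char *out, size_t out_cap, size_t *out_len)
{
    const char *end = chunk + chunk_len;
    const char *p = find_token(chunk, end, SRC_TOKEN, SRC_TOKEN_LEN);
    *out_len = 0;
    out[0] = '\0';
    if (p == NULL)
        return SRC_NOT_FOUND;
    return copy_attr_safe(p + SRC_TOKEN_LEN, end, out, out_cap, out_len);
}

/* Convenience wrappers for trying the hardened scanner on NUL-terminated
 * strings with a deliberately small 16-byte output buffer. */
static char demo_buf[16];
static size_t demo_len;
int demo_extract(const char *html)
{
    return extract_src(html, strlen(html), demo_buf, sizeof demo_buf, &demo_len);
}
const char *demo_value(void) { return demo_buf; }
size_t demo_length(void) { return demo_len; }

int main(void)
{
    /* Constructed layout: the chunk ends mid-attribute and is followed in
     * memory by unrelated data that happens to contain a quote.  Reading
     * past `chunk` is undefined behaviour; what leaks depends on compiler
     * and layout, which is exactly the problem. */
    struct { char chunk[24]; char secret[24]; } mem = {
        { '<','i','m','g',' ','s','r','c','=','"',
          'a','b','c','d','e','f','g','h','i','j','k','l','m','n' },
        "SESSION=42;\""
    };
    char out[64];
    size_t n;

    copy_attr_unsafe(mem.chunk + SRC_TOKEN_LEN, out);
    printf("unsafe: \"%s\"  <- bytes from after the chunk leak into the output\n", out);

    int rc = extract_src(mem.chunk, sizeof mem.chunk, out, sizeof out, &n);
    printf("safe:   rc=%d len=%zu \"%s\"  (chunk ended before the closing quote)\n",
           rc, n, out);
    return 0;
}
```

The hardened scanner reports a truncated attribute (`SRC_TRUNCATED`) instead of quietly continuing, which is what a chunked parser needs in order to carry state over to the next chunk rather than keep reading; note that none of this protection exists unless the programmer writes it, which is the post's point.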

Tags: c, programming languages, security
