* 9 *

Software security I

  1. Describe the main themes one needs to address in designing secure software. See notes. Privacy. Robustness. Backup/redundancy. Consistency of behaviour. etc
  2. Explain why the following system call, for reading input from the user is inherently dangerous.
    char buffer[1024];
    
    gets(buffer);
    
    Hint: what information or argument is the function gets() missing?
    Should be thinking about array boundaries. The function has no parameter which tells it the size of the buffer, so it cannot possible check array boundaries. It is inherently dangerous. The same thing applies to the C++ operation >>.

Back