[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Update: Web browsers - a mini-farce (MSIE gives in)

To: "'Tim Newsham'" <newsham@xxxxxxxx>, Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx>
Subject: RE: Update: Web browsers - a mini-farce (MSIE gives in)
From: David Brodbeck <DavidB@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Oct 2004 15:25:26 -0400

> -----Original Message-----
> From: Tim Newsham [mailto:newsham@xxxxxxxx]

> But lets assume that a good programmer is writing software and
> it comes to his attention that there is a buffer overflow, or
> that user input is not being filtered, or that user input is being
> passed to a printf type function.  What happens next?  Well, it
> depends on how many bugs there are, how much other work needs
> to be done, and very importantly, what the perceived impact of
> that bug is.  You cannot imagine how many times a bug is pointed
> out and the author of the software says "ok, that bug can only
> happen if the user does something stupid, and it is not exploitable.
> Lets defer that one."

This suggests that it's reasonable for a program to segfault because the
user made a mistake, instead of having some non-fatal form of error
handling.  I don't think that should be acceptable at all, though I agree
it's very common.  If I had a dollar for every time I've lost work because a
segfault or GPF happened before I saved my document...

Follow-Ups:
- RE: Update: Web browsers - a mini-farce (MSIE gives in)
  - From: Tim Newsham
- Re: Update: Web browsers - a mini-farce (MSIE gives in)
  - From: Valdis . Kletnieks

Prev by Date: Re: Update: Web browsers - a mini-farce (MSIE gives in)
Next by Date: Re: New URL spoofing bug in Microsoft Internet Explorer
Previous by thread: Re: Update: Web browsers - a mini-farce (MSIE gives in)
Next by thread: RE: Update: Web browsers - a mini-farce (MSIE gives in)
Index(es):
- Date
- Thread