Outline for October 6, 2005

Reading: B. Miller, L. Fredriksen, and B, So, "An Empirical Study of the Reliability of UNIX Utilities," Communications of the CACM 33 (12) pp. 32-44 (Dec. 1990).

 

  1. Puzzle of the day
  2. Bad programming (continued)
    1. File access race condition (xterm race)
    2. Signalling race condition (ftpd bug)
    3. Environment variables (vi games)
    4. Not resetting privilege (Purdue games)
    5. Unknown interaction with other system components (finger port is finger and not chargen)
  3. Good programming
    1. Understand what the program is to do
    2. Design the program (or programs) accordingly
    3. Implement it, checking at each step for possible problems
    4. Put the components together, testing interfaces
    5. Test the program in the environment in which it is to be used

Puzzle of the Day

The following item appeared in the current issue of the RISKS Digest1:

What other types of devices may have this problem? How could you check for it? How could you protect against it without rebuilding the device?


Footnote

1. The RISKS Digest 24 (6) (Oct. 5, 2005).

Here is a PDF version of this document.