On Thu, 4 Dec 2003, Anthony de Boer wrote:
> Peter Hiscocks wrote:
>> So, it is an interesting challenge to the language writers to create something that has the power of the C language and still does (say) automatic checking of array bounds.
>
> This idea may be fine within an application, but it breaks down at security boundaries like the user/kernel interface, since the kernel had better not trust the user program's claim of the size of an array (this

And it does not. The kernel invariably verifies the access rights on the passed data field, whose size is explicitly passed to the kernel, before doing anything else. If it does not, then there is a bug in the kernel, not in C.

Peter
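
The check described in the reply above, as an added example that is not part of the original thread and is not taken from any real kernel: a user-space model in which a hypothetical syscall body validates a caller-supplied address and length before copying. The names `struct task`, `user_range_ok`, `sys_store` and `demo`, and the 64-byte mapping at 0x1000, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a task owns one mapped region of "user" memory. */
struct task {
    unsigned char *mem;  /* backing store for the simulated mapping */
    uintptr_t base;      /* first valid user address */
    size_t size;         /* bytes mapped starting at base */
};

/* Is [addr, addr+len) entirely inside the mapping? addr+len is never
 * computed, because a huge len would wrap it around to a small value. */
static int user_range_ok(const struct task *t, uintptr_t addr, size_t len)
{
    if (addr < t->base || addr - t->base > t->size)
        return 0;
    return len <= t->size - (addr - t->base);
}

/* Hypothetical syscall body: addr and len both come from the caller and
 * are untrusted; the range is verified before any byte is read. */
static long sys_store(const struct task *t, uintptr_t addr, size_t len,
                      unsigned char *kbuf, size_t kcap)
{
    if (len > kcap)
        return -EINVAL;   /* kernel-side limit, independent of the caller */
    if (!user_range_ok(t, addr, len))
        return -EFAULT;   /* claimed range is not the caller's memory */
    memcpy(kbuf, t->mem + (addr - t->base), len);
    return (long)len;
}

/* Run one call against a 64-byte mapping at 0x1000 (constructed values). */
static long demo(uintptr_t addr, size_t len)
{
    static unsigned char user_mem[64];
    unsigned char kbuf[256];
    struct task t = { user_mem, 0x1000, sizeof user_mem };
    return sys_store(&t, addr, len, kbuf, sizeof kbuf);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(0x1000, 64), demo(0x1030, 32), demo(0x800, 8));
    return 0;
}
```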