Wednesday, November 09, 2005

Infamous software bugs

An interesting Wired article on History's Worst Software Bugs. I remember this event in particular, since I was sys admin on a small cluster of Unix machines at the time:

1988 -- Buffer overflow in Berkeley Unix finger daemon. The first internet worm (the so-called Morris Worm) infects between 2,000 and 6,000 computers in less than a day by taking advantage of a buffer overflow. The specific code is a function in the standard input/output library routine called gets() designed to get a line of text over the network. Unfortunately, gets() has no provision to limit its input, and an overly large input allows the worm to take over any machine to which it can connect.

Programmers respond by attempting to stamp out the gets() function in working code, but they refuse to remove it from the C programming language's standard input/output library, where it remains to this day.
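The gets() flaw described above, as an added example that is not from this post or the Wired article: a bounded line reader built on fgets() that rejects input that does not fit instead of writing past the buffer. The names read_line_bounded and sample_stream, the 64-byte buffer and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Bounded stand-in for gets(): reads one line into buf (capacity cap),
 * strips the newline, and rejects a line that does not fit. */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    /* An unusable buffer is treated as end of input. */
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line either just fits or is too long. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;
    /* Too long: drain the rest so the next read starts on a fresh line. */
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed sample input: a short request, an oversized one, a short one. */
FILE *sample_stream(void)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs("alice\n", f);
    for (int i = 0; i < 600; i++) fputc('A', f);
    fputs("\nbob\n", f);
    rewind(f);
    return f;
}

int main(void)
{
    char line[64];
    int rc;
    FILE *in = sample_stream();
    if (!in) return 1;
    while ((rc = read_line_bounded(in, line, sizeof line)) != LINE_EOF)
        printf("%s\n", rc == LINE_OK ? line : "(rejected: line too long)");
    fclose(in);
    return 0;
}
```

With gets(line) in place of the bounded call, the 600-byte line would be copied into the 64-byte buffer with no length check at all.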

