ch07.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,036 行 · 第 1/4 页

<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Microsoft users who want
	to learn more about such library dependencies (but don't want to spend the money
	for VB) should check out Envelop. Envelop is a completely free 32-bit programming
	environment for Windows 95 and Windows NT. It very closely resembles Microsoft Visual
	Basic and generates attractive, fully functional 32-bit programs. It, too, has a
	set of runtime libraries and extensive documentation about how those libraries interface
	with the program. You can get it at <A HREF="ftp://ftp.cso.uiuc.edu/pub/systems/pc/winsite/win95/programr/envlp14.exe"><B>ftp://ftp.cso.uiuc.edu/pub/systems/pc/winsite/win95/programr/envlp14.exe</B></A>
	
<HR>


</BLOCKQUOTE>

<P>The key advantages of interpreted languages include</P>

<UL>
	<LI><FONT COLOR="#000000">Their programs are easily altered and edited.<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">Their programs take little disk space.<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">Their programs require little memory.</FONT>
</UL>

<PRE></PRE>
<P>Interpreted languages are popular, particularly in the UNIX community. Here is
a brief list of some well-known interpreted languages:</P>

<UL>
	<LI><FONT COLOR="#000000">Perl<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">REXX<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">Forth<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">Python<BR>
	<BR>
	</FONT>
	<LI><FONT COLOR="#000000">TCL</FONT>
</UL>

<PRE></PRE>
<P>The pitfall of using an interpreted language is that programs written in interpreted
languages are generally much slower than those written in compiled languages.
<H3><FONT COLOR="#000077"><B>Compiled Languages</B></FONT></H3>
<P>Compiled languages (such as C) are much different. Programs written in compiled
languages must be converted into binary format before they can be executed. In many
instances, this format is almost pure machine-readable code. To generate this code,
the programmer sends the human-readable program code (plain text) through a compilation
process. The program that performs this conversion is called a <I>compiler</I>.</P>
<P>After the program has been compiled, no interpreter is required for its execution.
It will run on any machine that runs the target operating system for which the program
was written. Exceptions to this rule may sometimes apply to certain portions of a
compiled program. For example, certain graphical functions are dependent on proprietary
graphics libraries. When a C program is written using such graphical libraries, certain
library components must be shipped with the binary distribution. If such library
components are missing when the program is executed, the program will exit on error.</P>
<P>The first interesting point about compiled programs is that they are fast. Because
the program is loaded entirely into memory on execution (as opposed to being interpreted
first), a great deal of speed is gained. However, as the saying goes, there is no
such thing as a free lunch. Thus, although compiled programs are fast, they are also
much larger than programs written in interpreted languages.</P>
<P>Examine following the C program. It is identical in function to the Perl program
listed previously. Here is the code in its yet-to-be-compiled state:</P>
<PRE><FONT COLOR="#0066FF">#include &lt;stdio.h&gt;
int main()
{
char name[20];
printf(&quot;Please enter your first name:   &quot;);
scanf(&quot;%s&quot;, &amp;name);
printf(&quot;Hello, %s\n&quot;, name);
printf(&quot;Are you ready to hack?\n&quot;);
return 0;
}
</FONT></PRE>
<P>Using a standard C compiler, I compiled this code in a UNIX operating system environment.
The difference in size between the two programs (the one in Perl and the one in C)
was dramatic. The Perl program was 150 bytes in size; the C program, after being
compiled, was 4141 bytes.</P>
<P>This might seem like a huge liability on the part of C, but in reality, it isn't.
The C program can be ported to almost every operating system. Furthermore, it will
run on any operating system of a certain class. If compiled for DOS, it will work
equally well under all DOS-like environments (such as PC-DOS or NDOS), not just Microsoft
DOS.
<H2><FONT COLOR="#000077"><B>Modern C: The All-Purpose Language</B></FONT></H2>
<P>C has been used over the years to create all manner of programs on a variety of
platforms. Many Microsoft Windows applications have been written in C. Similarly,
as I will explain later in this chapter, nearly all basic UNIX utilities are written
in C.</P>
<P>To generate programs written in C, you must have a C compiler. C compilers are
available for most platforms. Some of these are commercial products and some are
free to the public. Table 7.1 lists common C compilers and the platforms on which
they are available.
<H4><FONT COLOR="#000077"><B>Table 7.1. C compilers and their platforms.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT"><I>Compiler</I></TD>
		<TD ALIGN="LEFT"><I>Platform</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">GNU C (free)</TD>
		<TD ALIGN="LEFT">UNIX, Linux, DOS, VAX</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">Borland C</TD>
		<TD ALIGN="LEFT">DOS, Windows, Windows NT</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">Microsoft C</TD>
		<TD ALIGN="LEFT">DOS, Windows, Windows NT</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">Watcom C</TD>
		<TD ALIGN="LEFT">DOS, Windows, Windows NT, OS/2</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">Metrowerks CodeWarrior</TD>
		<TD ALIGN="LEFT">Mac, Windows, BeOS</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT">Symantec</TD>
		<TD ALIGN="LEFT">Macintosh, Microsoft platforms</TD>
	</TR>
</TABLE>

<H3><FONT COLOR="#000077"><B>Advantages of C</B></FONT></H3>
<P>One primary advantage of the C language is that it is smaller than many other
languages. The average individual can learn C within a reasonable period of time.
Another advantage is that C now conforms to a national standard. Thus, a programmer
can learn C and apply that knowledge on any platform, anywhere in the country.</P>
<P>C has direct relevance to the development of the Internet. As I have explained,
most modern TCP/IP implementations are written in C, and these form the basis of
data transport on the Internet. More importantly, C was used in the development of
the UNIX operating system. As I will explain in the next section of this chapter,
the UNIX operating system has, for many years, formed the larger portion of the Internet.</P>
<P>C has other advantages: One is portability. You may have seen statements on the
Internet about this or that program being <I>ported</I> to another operating system
or platform, and many of you might not know exactly what that means. <I>Portability</I>
refers to the capability of a program to be re-worked to run on a platform other
than the one for which it was originally designed (that is, the capability to take
a program written for Microsoft Windows and <I>port</I> it to the Macintosh platform).
This aspect of portability is very important, especially in an environment like the
Internet, because the Internet has many different types of systems running on it.
In order to make a program available networkwide, that program must be easily conformable
to all platforms.</P>
<P>Unlike code in other languages, C code is highly portable. For example, consider
Visual Basic. Visual Basic is a wonderful rapid application development tool that
can build programs to run on any Microsoft-based platform. However, that is the extent
of it. You cannot take the raw code of a VB application and recompile it on a Macintosh
or a Sun Sparcstation.</P>
<P>In contrast, the majority of C programs can be ported to a wide variety of platforms.
As such, C-based programs available for distribution on the Internet are almost always
distributed in source form (in other words, they are distributed in plain text code
form, or in a form that has not yet been compiled). This allows the user to compile
the program specifically for his or her own operating system environment.
<H3><FONT COLOR="#000077"><B>Limitations of C and the Creation of C++</B></FONT></H3>
<P>Despite these wonderful features, C has certain limitations. C is not, for example,
an object-oriented language. Managing very large programs in C (where the code exceeds
100,000 lines) can be difficult. For this, C++ was created. C++ lineage is deeply
rooted in C, but works differently. Because this section contains only brief coverage
of C, I will not discuss C++ extensively. However, you should note that C++ is generally
included as an option in most modern C compilers.</P>
<P>C++ is an extremely powerful programming language and has led to dramatic changes
in the way programming is accomplished. C++ allows for encapsulation of complex functions
into entities called <I>objects</I>. These objects allow easier control and organization
of large and complex programs.</P>
<P>In closing, C is a popular, portable, and lightweight programming language. It
is based on a national standard and was used in the development of the UNIX operating
system.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Readers who want to learn
	more about the C programming language should obtain the book <I>The C Programming
	Language </I>by Brian W. Kernighan and Dennis M. Ritchie. (Prentice Hall, ISBN 0-13-110370-9).
	This book is a standard. It is extremely revealing; after all, it is written by two
	men who developed the language.</P>
	<P>Other popular books on C include</P>
	<P><I>C: A Reference Manual.</I> Samuel P. Harbison and Guy L. Steele. Prentice-Hall.
	ISBN 0-13-109802-0. 1987.</P>
	<P><I>Teach Yourself C in 21 Days.</I> Peter Aitkin and Bradley Jones. Sams Publishing.
	ISBN 0-672-30448-1.</P>
	<P><I>Teach Yourself C.</I><B> </B>Herbert Schildt. Osborne McGraw-Hill. ISBN 0-07-881596-7.
	
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>UNIX</B></FONT></H2>
<P>The UNIX operating system has a long and rich history. Today, UNIX is one of the
most widely used operating systems, particularly on the Internet. In fact, UNIX actually
comprises much of the Net, being the number one system used on servers in the void.</P>
<P>Created in 1969 by Ken Thompson of Bell Labs, the first version of UNIX ran on
a Digital Equipment Corporation (DEC) PDP-7. Of course, that system bore no resemblance
to modern UNIX. For example, UNIX has been traditionally known as a multiuser system
(in other words, many users can work simultaneously on a single UNIX box). In contrast,
the system created by Thompson was reportedly a single-user system, and a bare bones
one at that.</P>
<P>When users today think of an operating system, they imagine something that includes
basic utilities, text editors, help files, a windowing system, networking tools,
and so forth. This is because the personal computer has become a household item.
As such, end-user systems incorporate great complexity and user-friendly design.
Alas, the first UNIX system was nothing like this. Instead, it was composed of only
the most necessary utilities to operate effectively. For a moment, place yourself
in Ken Thompson's position. Before you create dozens of complex programs like those
mentioned previously, you are faced with a more practical task: getting the system
to boot.</P>
<P>In any event, Thompson and Dennis Ritchie ported UNIX to a DEC PDP-11/20 a year
later. From there, UNIX underwent considerable development. Between 1970 and 1973,
UNIX was completely reworked and written in the C programming language. This was
reportedly a major improvement and eliminated many of the bugs inherent to the original
implementation.</P>
<P>In the years that followed, UNIX source code was distributed to universities throughout
the country. This, more than any other thing, contributed to the success of UNIX.</P>
<P>First, the research and academic communities took an immediate liking to UNIX.
Hence, it was used in many educational exercises. This had a direct effect on the
commercial world. As explained by Mike Loukides, an editor for O'Reilly &amp; Associates
and a UNIX guru:

<DL>
	<DD>Schools were turning out loads of very competent computer users (and systems
	programmers) who already knew UNIX. You could therefore &quot;buy&quot; a ready-made
	programming staff. You didn't have to train them on the intricacies of some unknown
	operating system.
</DL>

<P>Also, because the source was free to these universities, UNIX was open for development
by students. This openness quickly led to UNIX being ported to other machines, which
only increased the UNIX user base.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Because UNIX source is widely known
	and available, more flaws in the system security structure are also known. This is
	in sharp contrast to proprietary systems. Such proprietary software manufacturers
	refuse to disclose their source except to very select recipients, leaving many questions
	about their security as yet unanswered. 
<HR>


</BLOCKQUOTE>

<P>Several years passed, and UNIX continued to gain popularity. It became so popular,
in fact, that in 1978, AT&amp;T decided to commercialize the operating system and
demand licensing fees (after all, it had obviously created a winning product). This