Re: security enhacement to C runtime library (XXX_s)
- From: Zeppe <zeppe.remove.all.this.long.comment@xxxxxxxx>
- Date: Thu, 05 Apr 2007 16:58:41 +0100
jacob navia wrote:
has been introduced in vc8.0. Your post is OT in this group, becauseNo, it is not. Microsoft has proposed in a technical report a
it's not related to the standard C.
standardization
of the safer c library
really?!? looking in the internet, I see that it's handled by the WG14,
the same of the ISO C, that's interesting :)
can lead to buffer overflows and stuff like that. Microsoft just
implemented a version of the standard C library that performs some
checks in order to avoid that.
And that is a good idea. The problem is that the current standard
never specifies error handling in a detailed way. This is a big hole
in the standard. The errno mechanism and the other error constructs are
inadequate, specially if the standard doesn't define the error handling
in a precise way.
Great idea, I would rather say! The error handling of the M$ debug C++
library saved my life SO many times...
Yes, because, instead of making the standard function calls safe,
microsoft made a different safe library, so that you have to use
standard names in order to use it. In C++ you can still use
_CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES.
In their technical report they explain their decisions. It is impossible
to make some library functions safe, for instance gets() and others.
I trust them, and I would have expected it (even if I don't have enough
info to understand what kind of safety can be reached without change the
functions declaration: for example, the safety in the format string in
printf seems a kind of magic :)). But I wonder if it could have been
possible, and a good idea, to make the user choose whether to use a safe
implementation, with the same names, of at least these functions that
don't need any change in the function declaration. That would have
allowed a lot of code to become safe without any modification and
without losing portability. It seems to me (but I haven't checked) that
the most problematic functions are those that are inherently unsafe,
maybe because they don't accept bound, and are unlikely to be found in a
code that has got basic error protection.
Something similar to the macro for C++, but more static (change of the
headers/libraries with secure ones).
Probably link error with libraries that use different implementations?
It shouldn't be the case...
What do you think?
Cheers,
Zeppe
.
- Follow-Ups:
- Re: security enhacement to C runtime library (XXX_s)
- From: Douglas A. Gwyn
- Re: security enhacement to C runtime library (XXX_s)
- References:
- security enhacement to C runtime library (XXX_s)
- From: artun
- Re: security enhacement to C runtime library (XXX_s)
- From: Zeppe
- Re: security enhacement to C runtime library (XXX_s)
- From: jacob navia
- security enhacement to C runtime library (XXX_s)
- Prev by Date: Re: security enhacement to C runtime library (XXX_s)
- Next by Date: Re: id behavior triggered by access to volatile object
- Previous by thread: Re: security enhacement to C runtime library (XXX_s)
- Next by thread: Re: security enhacement to C runtime library (XXX_s)
- Index(es):
Relevant Pages
|
