Xcode/gcc help in enforcing secure coding?
- Subject: Xcode/gcc help in enforcing secure coding?
- From: "John C. Daub" <email@hidden>
- Date: Mon, 14 Aug 2006 16:36:02 -0500
- Thread-topic: Xcode/gcc help in enforcing secure coding?
I was wondering if there's anything Xcode/gcc can currently do to help
enforce secure coding?
I grant there's a lot here the compiler can't do, but for example take the
list of string functions to avoid:
http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html
Couldn't gcc notice your calls to them and optionally emit a warning to say
something like "strcat is subject to buffer overflows and thus a security
problem -- use strlcat instead"? Can it do this now? If it can't, I already
have RADAR 4676414 submitted for this. :-)
Anyway, I'm just wondering if there's anything we can do with Xcode 2.x to
help enforce the guidelines Apple set down about Secure Coding. And if not,
hopefully what can be done could be done in Xcode 3.x.
Thanx.
--
John C. Daub }:-)>=
<mailto:email@hidden> <http://www.hsoi.com/>
"Some people go to bed with Lucifer
then cry when they don't greet the day with God." -- Dave Wyndorf
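
The kind of warning the post asks for, approximated outside the compiler as an added example (not part of the original message, and not a gcc or Xcode feature): a Python script that reports calls to overflow-prone C string functions in gcc's `file:line: warning:` format. The function list beyond strcat/strlcat, the `scan` helper and the sample input are assumptions of this example.

```python
import re

# Assumed list: the post names only strcat -> strlcat; the other pairs are
# the usual bounded replacements and are an assumption of this example.
BANNED = {
    "strcat": "strlcat", "strncat": "strlcat",
    "strcpy": "strlcpy", "strncpy": "strlcpy",
    "sprintf": "snprintf", "vsprintf": "vsnprintf",
    "gets": "fgets",
}

# Comments, string literals and character literals: a banned name inside
# any of these is text, not a call.
_NON_CODE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
# A banned name used as a call, not as part of a longer identifier.
_CALL = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(BANNED) + r")\s*\(")


def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def scan(source, filename="<input>"):
    """Return one gcc-style warning string per call to a banned function."""
    code = _NON_CODE.sub(_blank, source)
    found = []
    for lineno, line in enumerate(code.split("\n"), start=1):
        for m in _CALL.finditer(line):
            name = m.group(1)
            found.append(f"{filename}:{lineno}: warning: {name} is subject to "
                         f"buffer overflows; use {BANNED[name]} instead")
    return found


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
#include <string.h>
/* strcat(a, b) in a comment is not a call */
void f(char *dst, const char *src) {
    puts("gets(buf) inside a string literal");
    strcat(dst, src);
    strlcat(dst, src, 64);
}
'''

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE, "demo.c")))
```

The scan is textual, so it also reports declarations of the listed functions and does not see calls made through function pointers or macros.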