Re: Xcode/gcc help in enforcing secure coding?
Re: Xcode/gcc help in enforcing secure coding?
- Subject: Re: Xcode/gcc help in enforcing secure coding?
- From: Greg Hurrell <email@hidden>
- Date: Tue, 15 Aug 2006 17:23:29 +0200
El 15/08/2006, a las 15:31, John C. Daub escribió:
Copy the declarations into a file, say BadStuff.h. Then add
__attribute__((deprecated)) or __attribute__((poison)) to each
declaration. Include BadStuff.h from a prefix header.
Yeah, that's what Sean suggested (more or less).
I'd like to see system/standard-library functions (again, like
those pointed
out in Apple's Secure Coding documentation) get this functionality
so we can
all have better code "out of the box" than us all hacking our
headers. :-)
Even though the misuse of these functions can lead to security
problems (in the same way that the misuse of firearms can lead to
people getting hurt), I don't think Apple or the GCC team will mark
them as deprecated because they're not deprecated: they're defined in
the standards. In the concrete example of strcat (brought up by the
initial poster), it's defined in ISO/IEC 9899:1990 (ISO C90).
The solution is education, and Apple already seems to be doing that
(look at the recommendations against their use in the man pages and
the other docs provided by Apple). If that solution isn't acceptable
then you can use one of the workarounds already suggested in this
thread:
- header modification
- using a prefix header
- regular code auditing
- scanning on checkin
- etc
G
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden