Re: Xcode/gcc help in enforcing secure coding?
- Subject: Re: Xcode/gcc help in enforcing secure coding?
- From: Rush Manbert <email@hidden>
- Date: Tue, 15 Aug 2006 11:53:32 -0700
Steve Checkoway wrote:
> On Aug 14, 2006, at 5:42 PM, Sean McBride wrote:
>> John C. Daub (email@hidden) on 2006-08-14 17:36 said:
>>> Anyway, I'm just wondering if there's anything we can do with Xcode 2.x to
>>> help enforce the guidelines Apple set down about Secure Coding. And if not,
>>> hopefully what can be done could be done in Xcode 3.x.
>>
>> Not that I know of. I believe MS has marked some of those functions as
>> deprecated in its newest tools, I'd like to see Apple do that. You
>> could probably do the same by hacking your headers and using the
>> DEPRECATED_ATTRIBUTE #define from AvailabilityMacros.h. Then fix all
>> your warnings.
>
> Apple, if you're listening, please, PLEASE do not mark standard library
> functions deprecated that really aren't. I understand the desire for
> some of the more dangerous functions but strlen is _not_ deprecated and
> Microsoft pretending that it is is simply stupid. It's very annoying to
> use a standard function only to find that other people on the project
> using Windows cannot build because MS has decided to
> remove/rename/deprecate the function.

I have dealt with this very problem recently. What I found in my
particular situation was that MS had replaced the "deprecated" function
with a function that took a buffer size as well as a pointer. I have
been in this business a long time and I can't tell you how many times I
have seen programmers screw up this sort of function call. They pass
sizeof(foo) when they are passing a pointer to a bar, or they pass a
hard-coded buffer size that's wrong, etc. There are many, many ways to
mess this up. I find it very hard to believe that using the MS "secure"
library functions makes any real improvement.
Just my opinion. But I second Steve's plea. Don't try to protect us from
ourselves in this area. But do give us that Time Machine thing in
Leopard. ;-)
- Rush
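
The mistake described in the message above, passing the sizeof of a pointer to a size-taking function, shown as an added example that is not part of the original thread. `bounded_copy`, `set_name_wrong`, `COPY_TO_ARRAY` and `struct user` are hypothetical names, and the array-only macro assumes the gcc/clang builtins `__builtin_types_compatible_p` and `__typeof__`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size-taking copy (not a Microsoft or Apple API): always
   NUL-terminates; returns 0 on success, -1 if src did not fit. */
static int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return -1;
    if (n >= dstsize) {                 /* truncate rather than overflow */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* The mistake: sizeof(name) is the size of a pointer, not of the buffer. */
static int set_name_wrong(char *name, const char *value)
{
    return bounded_copy(name, sizeof(name), value);
}

/* gcc/clang only: 1 when x is a pointer, 0 when x is an array. */
#define IS_POINTER(x) \
    __builtin_types_compatible_p(__typeof__(x), __typeof__(&(x)[0]))

/* Takes the size from the array itself; a pointer argument fails to
   compile because the char[] inside sizeof gets a negative length. */
#define COPY_TO_ARRAY(arr, src) bounded_copy((arr), \
    sizeof(arr) + 0 * sizeof(char[1 - 2 * IS_POINTER(arr)]), (src))

struct user { char name[32]; };         /* constructed sample type */
static int user_set_name(struct user *u, const char *value)
{
    return COPY_TO_ARRAY(u->name, value);
}

int main(void)
{
    struct user u;
    int rc = set_name_wrong(u.name, "constructed-sample-name");
    printf("wrong:   rc=%d name=%s\n", rc, u.name);
    rc = user_set_name(&u, "constructed-sample-name");
    printf("checked: rc=%d name=%s\n", rc, u.name);
    return 0;
}
```

The wrong call truncates a 23-character name to one character less than the size of a pointer even though the buffer holds 32 bytes; with a buffer smaller than a pointer, the same call would write past its end.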
_______________________________________________
Xcode-users mailing list (email@hidden)