Re: Xcode/gcc help in enforcing secure coding?


  • Subject: Re: Xcode/gcc help in enforcing secure coding?
  • From: Rush Manbert <email@hidden>
  • Date: Tue, 15 Aug 2006 11:53:32 -0700

Steve Checkoway wrote:

On Aug 14, 2006, at 5:42 PM, Sean McBride wrote:

John C. Daub (email@hidden) on 2006-08-14 17:36 said:

Anyway, I'm just wondering if there's anything we can do with Xcode 2.x to
help enforce the guidelines Apple set down about Secure Coding. And if not,
hopefully what can be done could be done in Xcode 3.x.


Not that I know of.  I believe MS has marked some of those functions as
deprecated in its newest tools, I'd like to see Apple do that.  You
could probably do the same by hacking your headers and using the
DEPRECATED_ATTRIBUTE #define from AvailabilityMacros.h.  Then fix all
your warnings.


Apple, if you're listening, please, PLEASE do not mark standard library functions deprecated that really aren't. I understand the desire for some of the more dangerous functions but strlen is _not_ deprecated and Microsoft pretending that it is is simply stupid. It's very annoying to use a standard function only to find that other people on the project using Windows cannot build because MS has decided to remove/rename/deprecate the function.


I have dealt with this very problem recently. What I found in my particular situation was that MS had replaced the "deprecated" function with a function that took a buffer size as well as a pointer. I have been in this business a long time and I can't tell you how many times I have seen programmers screw up this sort of function call. They pass sizeof(foo) when they are passing a pointer to a bar, or they pass a hard-coded buffer size that's wrong, etc. There are many, many ways to mess this up. I find it very hard to believe that using the MS "secure" library functions makes any real improvement.


Just my opinion. But I second Steve's plea. Don't try to protect us from ourselves in this area. But do give us that Time Machine thing in Leopard. ;-)

- Rush
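
The size mistakes described in the message above (a size taken from the wrong object, or from a pointer), together with one compile-time guard against them, as an added example that is not part of the original thread. `copy_bounded`, `fits`, `set_name`, the `record` struct and the macros are hypothetical names, and the guard assumes GCC or Clang builtins.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample type: two adjacent buffers of different sizes. */
struct record { char name[16]; char note[64]; };

/* Would src, including its NUL, fit in a buffer of the claimed size? */
static int fits(size_t claimed, const char *src)
{
    return strlen(src) + 1 <= claimed;
}

/* Size-taking copy (hypothetical helper, not a vendor API).
 * Returns 0 on success, -1 if src does not fit; dst is then left empty. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    if (!fits(dstsize, src)) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

/* Mistake: through a pointer, sizeof yields the pointer size, not the buffer. */
static size_t size_via_pointer(char *buf)
{
    return sizeof(buf);
}

/* GCC/Clang only: take the size from the destination itself, and fail to
 * compile when the destination is a pointer instead of an array. */
#define IS_ARRAY(a) (!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))
#define ARRAY_BYTES(a) (sizeof(a) + 0 * sizeof(char[IS_ARRAY(a) ? 1 : -1]))
#define COPY_TO_ARRAY(dst, src) copy_bounded((dst), ARRAY_BYTES(dst), (src))

/* Returns 0 when the name fits in r->name, -1 otherwise. */
static int set_name(struct record *r, const char *name)
{
    return COPY_TO_ARRAY(r->name, name);
}

int main(void)
{
    struct record r;
    return (set_name(&r, "alice") == 0 && size_via_pointer(r.name) != sizeof(r.name)) ? 0 : 1;
}
```

A size check made against `sizeof(r.note)` accepts a 40-character string that does not fit in `r.name`; deriving the size from the destination array removes that choice from the caller.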


References: 
 >Xcode/gcc help in enforcing secure coding? (From: "John C. Daub" <email@hidden>)
 >Re: Xcode/gcc help in enforcing secure coding? (From: "Sean McBride" <email@hidden>)
 >Re: Xcode/gcc help in enforcing secure coding? (From: Steve Checkoway <email@hidden>)
