Security scans that just look for calls to blacklisted functions and automatically flag an issue piss me off. "Haha, mktemp means you have TOCTOU! But no, the filename goes to a function that has its own check. Obv writing my own makes it safe…"
A pet peeve of mine... Like, yes, I know that stat/access() have TOCTOU dangers. But the cost is just gathering additional details to make an error message after an open() failure more detailed.
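The pattern the reply describes, as an added example (not code from anyone in the thread): open() is the single authoritative operation, with O_NOFOLLOW so a swapped-in symlink fails instead of being followed, and lstat()/access() run only after open() has already failed, purely to make the error message more useful. Beside it is the racy check-then-open shape a blacklist scanner would be right to flag. The scratch directory under /tmp, the file names and the bitmask returned by run_demo() are assumptions made for the demo.

```c
/* Added example, not from the thread. POSIX C; paths and return codes
   below are assumptions made for the demo. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: check and use are separate syscalls. Between access() and open()
   the path can be replaced (e.g. by a symlink to a file we should not read),
   and the check told us nothing about what open() will actually get. */
int open_checked_racy(const char *path) {
    if (access(path, R_OK) != 0)        /* check */
        return -1;
    return open(path, O_RDONLY);        /* use: path may be something else now */
}

/* Safe: open() decides. lstat()/access() are only consulted afterwards, on
   failure, to explain it; nothing security-relevant depends on their answer,
   so a race here can at worst produce a slightly misleading message. */
int open_checked(const char *path, char *errbuf, size_t errlen) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd >= 0) {
        errbuf[0] = '\0';
        return fd;
    }
    int saved = errno;                  /* keep open()'s verdict */
    struct stat st;
    if (lstat(path, &st) != 0)
        snprintf(errbuf, errlen, "%s: does not exist (%s)", path, strerror(saved));
    else if (S_ISLNK(st.st_mode))
        snprintf(errbuf, errlen, "%s: is a symlink, refusing to follow it", path);
    else if (S_ISDIR(st.st_mode))
        snprintf(errbuf, errlen, "%s: is a directory", path);
    else if (access(path, R_OK) != 0)
        snprintf(errbuf, errlen, "%s: not readable by uid %d (mode %04o)",
                 path, (int)getuid(), (unsigned)(st.st_mode & 07777));
    else
        snprintf(errbuf, errlen, "%s: %s", path, strerror(saved));
    errno = saved;
    return -1;
}

/* Builds a scratch directory (mkdtemp, not mktemp: created atomically) with a
   regular file and a symlink to it, exercises both variants and returns a
   bitmask of observed outcomes: 1 = regular file opened, 2 = symlink refused
   with a symlink message, 4 = missing file explained, 8 = racy variant
   followed the symlink. -1 on fixture failure. */
int run_demo(void) {
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char reg[512], lnk[512], missing[512], errbuf[256];
    snprintf(reg, sizeof reg, "%s/data.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/link.txt", dir);
    snprintf(missing, sizeof missing, "%s/nope.txt", dir);

    int fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, "hello\n", 6) != 6) { close(fd); return -1; }
    close(fd);
    if (symlink(reg, lnk) != 0) return -1;   /* what an attacker would swap in */

    int result = 0;
    fd = open_checked(reg, errbuf, sizeof errbuf);
    if (fd >= 0) { result |= 1; close(fd); }
    fd = open_checked(lnk, errbuf, sizeof errbuf);
    if (fd < 0 && errno == ELOOP && strstr(errbuf, "symlink")) result |= 2;
    fd = open_checked(missing, errbuf, sizeof errbuf);
    if (fd < 0 && errno == ENOENT && strstr(errbuf, "does not exist")) result |= 4;
    fd = open_checked_racy(lnk);            /* access() passed, open() follows */
    if (fd >= 0) { result |= 8; close(fd); }

    unlink(lnk); unlink(reg); rmdir(dir);
    return result;
}

int main(void) {
    int r = run_demo();
    printf("outcomes bitmask: %d (15 = all four behaviours observed)\n", r);
    return r == 15 ? 0 : 1;
}
```

The point for a scanner, or a reviewer reading its output: what matters is whether a decision hangs on the stat()/access() result, not whether the function name appears. Here the decision is open()'s alone; the later calls only decorate the error.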
OpenBSD, for a while at least, upped the ante: they added *link-time* warnings against unsafe functions, triggering even when just linking against a library using (or providing) those oh-so-unsafe functions.
I see the same with GNU ld on Debian :/