Security scans that just look for calls to blacklisted functions and automatically flag an issue piss me off. "Haha, mktemp means you have TOCTOU! But no, the filename goes to a function that has its own check. Obv writing my own makes it safe…"
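As an added illustration of the point in that first tweet (example code, not from the thread), the C below shows that the dangerous part of the classic pattern is the open, not the name from mktemp(): creating the file with O_CREAT|O_EXCL|O_NOFOLLOW is atomic and refuses anything already at the path, whereas fopen(name, "w") follows a pre-placed symlink. The /tmp paths and the "secret" victim file are constructed for the demo.

```c
#define _DEFAULT_SOURCE 1            /* exposes mktemp, symlink, O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* The risk is not the mktemp() name but mktemp() followed by fopen(name, "w"):
 * between the two calls a symlink can be dropped at `name`, and fopen follows it.
 * O_CREAT|O_EXCL|O_NOFOLLOW makes the create atomic: anything already at `path`
 * (file or symlink) fails the open with EEXIST. This is the "function that has
 * its own check". Returns an fd on success, -1 with errno set otherwise. */
int open_new_file_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Name from the scanner-flagged mktemp(), creation via the exclusive open.
 * Returns 1 if the file was created (it is removed again), 0 otherwise. */
int mktemp_then_excl_create(const char *template) {
    char name[64];
    if (strlen(template) >= sizeof name) return 0;
    strcpy(name, template);
    if (mktemp(name) == NULL || name[0] == '\0') return 0;   /* glibc returns "" on failure */
    int fd = open_new_file_excl(name);
    if (fd < 0) return 0;
    close(fd);
    unlink(name);
    return 1;
}
/* Simulated lost race: a symlink to `victim` already sits at `path`. The exclusive
 * open refuses it with EEXIST and victim is untouched; fopen(path, "w") follows the
 * link and truncates victim. Returns 1 if both observations hold, 0 otherwise. */
int excl_open_resists_symlink(const char *path, const char *victim) {
    unlink(path); unlink(victim);
    FILE *v = fopen(victim, "w");
    if (!v || fputs("secret\n", v) == EOF) { if (v) fclose(v); return 0; }
    fclose(v);
    if (symlink(victim, path) != 0) return 0;
    int fd = open_new_file_excl(path);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    struct stat st;
    int intact = (stat(victim, &st) == 0 && st.st_size == 7);
    FILE *naive = fopen(path, "w");               /* the pattern the scanner should flag */
    if (naive) fclose(naive);
    int clobbered = (stat(victim, &st) == 0 && st.st_size == 0);
    unlink(path); unlink(victim);
    return refused && intact && clobbered;
}
```

Both functions need a writable /tmp; the second deliberately performs the unsafe fopen on its own throwaway victim file to make the contrast observable.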
OpenBSD, for a while at least, upped the ante: They added *link* time warnings against unsafe functions. Triggering even when just linking against a library using (or providing) those oh so unsafe functions.
I see the same with GNU ld on Debian :/
Oh? The option for doing so, or having them enabled by default? Luckily I haven't encountered it on my Debian machine. Back then the warning was: "/usr/local/lib/libxml2.so.14.0: warning: sprintf() is often misused, please use snprintf()"