Security scans that just look for calls to blacklisted functions and automatically flag an issue piss me off. "Haha, mktemp means you have TOCTOU! But no, the filename goes to a function that has its own check. Obv writing my own makes it safe…"
Replying to @pkhuong
A pet peeve of mine... Like, yes, I know that stat/access() have TOCTOU dangers. But the cost is just gathering additional details to make an error message after an open() failure more detailed.
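Added example, not code from either participant: the three shapes of code this exchange is about, side by side. `racy_open_for_read` is the genuine check-then-use race (access() decides, open() acts later). `open_for_read` is the pattern described in the reply above: open() is the only check, and stat()/access() run only after it has already failed, purely to make the error message better. `create_new_file` is the "function that has its own check" from the first tweet: whatever produced the name (mktemp or otherwise), O_CREAT|O_EXCL creates atomically and refuses anything already at that path. Function names, the enum, and the `/tmp/toctou-demo-XXXXXX` scratch directory are all assumptions made for this example; `run_demo` creates its own files, so it runs offline.

```c
/* Added example (not from the thread). Racy check-then-open next to the
 * two patterns a blacklist scanner flags by mistake: open()-first with
 * stat()/access() used only for diagnostics, and an exclusive create that
 * does its own atomic check. All paths live in a mkdtemp(3) directory. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum open_diag { DIAG_OPENED, DIAG_NO_PARENT_DIR, DIAG_NO_FILE,
                 DIAG_NO_PERMISSION, DIAG_OTHER };

/* Racy: access(2) makes the decision, open(2) acts on it later. Between the
 * two calls the object behind `path` can be swapped (rename, symlink), so the
 * fd may not refer to what access() checked. This is the shape worth flagging. */
static int racy_open_for_read(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);
}

/* Explain why open(2) already failed with `err`. stat(2)/access(2) here are
 * advisory only: the file has been refused, nothing depends on their answer,
 * and a race at worst produces a slightly wrong message. */
static enum open_diag diagnose_open_failure(const char *path, int err,
                                           char *msg, size_t msglen)
{
    struct stat st;
    if (err == ENOENT) {
        char copy[4096];                       /* dirname(3) may modify its arg */
        snprintf(copy, sizeof copy, "%s", path);
        const char *dir = dirname(copy);
        if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) {
            snprintf(msg, msglen, "could not open \"%s\": directory \"%s\" does not exist",
                     path, dir);
            return DIAG_NO_PARENT_DIR;
        }
        snprintf(msg, msglen, "could not open \"%s\": %s", path, strerror(err));
        return DIAG_NO_FILE;
    }
    if (err == EACCES && stat(path, &st) == 0) {
        snprintf(msg, msglen, "could not open \"%s\": %s (owner uid %ld, mode %04o)",
                 path, strerror(err), (long)st.st_uid, (unsigned)(st.st_mode & 07777));
        return DIAG_NO_PERMISSION;
    }
    snprintf(msg, msglen, "could not open \"%s\": %s", path, strerror(err));
    return DIAG_OTHER;
}

/* Safe: open(2) is the one and only check; diagnostics only run on failure. */
static int open_for_read(const char *path, enum open_diag *why,
                         char *msg, size_t msglen)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        *why = DIAG_OPENED;
        msg[0] = '\0';
        return fd;
    }
    int saved = errno;
    *why = diagnose_open_failure(path, saved, msg, msglen);
    errno = saved;
    return -1;
}

/* The callee with its own check: O_CREAT|O_EXCL creates atomically and fails
 * with EEXIST if anything (a symlink included) already sits at `path`, so a
 * name from mktemp(3) is no more dangerous here than any other name. */
static int create_new_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Exercise the patterns in a fresh scratch directory; 0 means every
 * observation matched the comments above, otherwise the failing step. */
static int run_demo(void)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX";      /* assumed writable location */
    if (mkdtemp(dir) == NULL)
        return 1;
    char path[4096], bad[4096], msg[512];
    enum open_diag why;
    snprintf(path, sizeof path, "%s/data", dir);
    snprintf(bad, sizeof bad, "%s/no-such-dir/data", dir);

    if (open_for_read(path, &why, msg, sizeof msg) != -1 || why != DIAG_NO_FILE)
        return 2;                                /* missing file, parent present */
    if (open_for_read(bad, &why, msg, sizeof msg) != -1 || why != DIAG_NO_PARENT_DIR)
        return 3;                                /* message names the missing dir */
    int fd = create_new_file(path);
    if (fd < 0)
        return 4;                                /* first exclusive create wins */
    close(fd);
    if (create_new_file(path) != -1 || errno != EEXIST)
        return 5;                                /* second one is refused */
    fd = open_for_read(path, &why, msg, sizeof msg);
    if (fd < 0 || why != DIAG_OPENED)
        return 6;
    close(fd);
    fd = racy_open_for_read(path);               /* works too, just racily */
    if (fd < 0)
        return 7;
    close(fd);
    unlink(path);
    rmdir(dir);
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The difference a scanner cannot see from the call list alone is ordering and dependency: in `open_for_read` nothing is decided by stat()/access(), so a race between them and the earlier open() can only make the message slightly wrong, never hand out a file the open() would have refused.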
Replying to @AndresFreundTec @pkhuong
OpenBSD, for a while at least, upped the ante: they added *link* time warnings against unsafe functions, triggering even when just linking against a library using (or providing) those oh so unsafe functions.
Replying to @pkhuong
Oh? The option for doing so, or having them enabled by default? Luckily haven't encountered it on my debian machine. Back then the warning was: "/usr/local/lib/libxml2.so.14.0: warning: sprintf() is often misused, please use snprintf()"
Replying to @AndresFreundTec
It's apparently baked in glibc: https://stackoverflow.com/a/742206
Ugh :(. https://sourceware.org/bugzilla/show_bug.cgi?id=12017 … it's still NEW.