|
From: | Paul Eggert |
Subject: | Re: How can Autoconf help with the transition to stricter compilation defaults? |
Date: | Tue, 15 Nov 2022 12:27:03 -0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 |
On 2022-11-15 11:27, Jonathan Wakely wrote:
Another perspective is that autoconf shouldn't get in the way of making the C and C++ toolchain more secure by default.
Can you cite any examples of a real-world security flaw what would be found by Clang erroring out because 'char foo(void);' is the wrong prototype? Is it plausible that any such security flaw exists?
On the contrary, it's more likely that Clang's erroring out here would *introduce* a security flaw, because it would cause 'configure' to incorrectly infer that an important security-relevant function is missing and that a flawed substitute needs to be used.
Let's focus on real problems rather than worrying about imaginary ones.
[Prev in Thread] | Current Thread | [Next in Thread] |