Re: How can Autoconf help with the transition to stricter compilation de

autoconf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How can Autoconf help with the transition to stricter compilation de

From:	Paul Eggert
Subject:	Re: How can Autoconf help with the transition to stricter compilation defaults?
Date:	Tue, 15 Nov 2022 12:27:03 -0800
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

On 2022-11-15 11:27, Jonathan Wakely wrote:

Another perspective is that autoconf shouldn't get in the way of
making the C and C++ toolchain more secure by default.

Can you cite any examples of a real-world security flaw what would befound by Clang erroring out because 'char foo(void);' is the wrongprototype? Is it plausible that any such security flaw exists?

On the contrary, it's more likely that Clang's erroring out here would*introduce* a security flaw, because it would cause 'configure' toincorrectly infer that an important security-relevant function ismissing and that a flawed substitute needs to be used.


Let's focus on real problems rather than worrying about imaginary ones.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: How can Autoconf help with the transition to stricter compilation defaults?, (continued)

Prev by Date: Re: How can Autoconf help with the transition to stricter compilation defaults?
Next by Date: Re: How can Autoconf help with the transition to stricter compilation defaults?
Previous by thread: Re: How can Autoconf help with the transition to stricter compilation defaults?
Next by thread: Re: How can Autoconf help with the transition to stricter compilation defaults?
Index(es):
- Date
- Thread