Re: How can Autoconf help with the transition to stricter compilation defaults?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Jonathan Wakely <jwakely.gcc@xxxxxxxxx>
Subject: Re: How can Autoconf help with the transition to stricter compilation defaults?
From: Paul Eggert <eggert@xxxxxxxxxxx>
Date: Tue, 15 Nov 2022 12:27:03 -0800
Cc: Aaron Ballman <aaron@xxxxxxxxxxxxxxxx>, Zack Weinberg <zack@xxxxxxxxxxxx>, c-std-porting@xxxxxxxxxxxxxxx, autoconf@xxxxxxx, gcc@xxxxxxxxxxx, cfe-commits@xxxxxxxxxxxxxx, Gnulib bugs <bug-gnulib@xxxxxxx>
In-reply-to: <CAH6eHdTnMwkJi1fqo715KwJq1BsM9M=EkP4T1FMY0Kj9kf=8nQ@mail.gmail.com>
Organization: UCLA Computer Science Department
References: <24ed5604-305a-4343-a1b6-a789e4723849@app.fastmail.com> <CAAt6xTt75qBzQKt7_0ZPGaOBGnbDsuM8j_owRYzjc21n7NMqDQ@mail.gmail.com> <251923e7-57be-1611-be10-49c3067adf0d@cs.ucla.edu> <CAAt6xTuM=SykGGRYy9zSohEbgC+RoROYYiQ5wgNv-7knoaNJXw@mail.gmail.com> <7ef0ce03-d908-649a-a6ee-89fea374d2b1@cs.ucla.edu> <CAAt6xTsju9UwBJiNJabwOxZC7BXNyydkQDQv=A-7gB6w8nq5=w@mail.gmail.com> <f38000ed-6b9e-8703-6620-e5f52da9c5a2@cs.ucla.edu> <CAH6eHdS-N51Yi4wwQ1U4tM==JyJ3-OZX4ZuawJd+_UMsuZUXSg@mail.gmail.com> <9cb106e9-16ff-65ec-6a44-6567c77521dc@cs.ucla.edu> <CAH6eHdTnMwkJi1fqo715KwJq1BsM9M=EkP4T1FMY0Kj9kf=8nQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

On 2022-11-15 11:27, Jonathan Wakely wrote:

Another perspective is that autoconf shouldn't get in the way of
making the C and C++ toolchain more secure by default.

Can you cite any examples of a real-world security flaw what would befound by Clang erroring out because 'char foo(void);' is the wrongprototype? Is it plausible that any such security flaw exists?

On the contrary, it's more likely that Clang's erroring out here would*introduce* a security flaw, because it would cause 'configure' toincorrectly infer that an important security-relevant function ismissing and that a flawed substitute needs to be used.


Let's focus on real problems rather than worrying about imaginary ones.

Follow-Ups:
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Michael Matz
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Aaron Ballman

References:
- How can Autoconf help with the transition to stricter compilation defaults?
  - From: Zack Weinberg
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Aaron Ballman
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Paul Eggert
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Aaron Ballman
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Paul Eggert
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Aaron Ballman
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Paul Eggert
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Jonathan Wakely
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Paul Eggert
- Re: How can Autoconf help with the transition to stricter compilation defaults?
  - From: Jonathan Wakely

Prev by Date: Re: How can Autoconf help with the transition to stricter compilation defaults?
Next by Date: Re: How can Autoconf help with the transition to stricter compilation defaults?
Previous by thread: Re: How can Autoconf help with the transition to stricter compilation defaults?
Next by thread: Re: How can Autoconf help with the transition to stricter compilation defaults?
Index(es):
- Date
- Thread

[Index of Archives] [GCC Help] [Kernel Discussion] [RPM Discussion] [Red Hat Development] [Yosemite News] [Linux USB] [Samba]