Re: How can Autoconf help with the transition to stricter compilation defaults?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2022-11-15 11:27, Jonathan Wakely wrote:
Another perspective is that autoconf shouldn't get in the way of
making the C and C++ toolchain more secure by default.

Can you cite any examples of a real-world security flaw what would be found by Clang erroring out because 'char foo(void);' is the wrong prototype? Is it plausible that any such security flaw exists?

On the contrary, it's more likely that Clang's erroring out here would *introduce* a security flaw, because it would cause 'configure' to incorrectly infer that an important security-relevant function is missing and that a flawed substitute needs to be used.

Let's focus on real problems rather than worrying about imaginary ones.




[Index of Archives]     [GCC Help]     [Kernel Discussion]     [RPM Discussion]     [Red Hat Development]     [Yosemite News]     [Linux USB]     [Samba]

  Powered by Linux