On Thu, Aug 27, 2020 at 1:59 AM Andy Shevchenko <andy.shevchenko@xxxxxxxxx> wrote:
>
> strcpy() is not a bad API for the cases when you know what you are
> doing. A problem that most of the developers do not know what they are
> doing.
> No need to split everything to bad and good by its name or semantics,
> each API has its own pros and cons and programmers must use their
> brains.

On Fri, Aug 28, 2020 at 1:17 AM Andy Shevchenko <andy.shevchenko@xxxxxxxxx> wrote:
>
> Seems to me that this is a fixation on an abstract problem that never
> exists (of course, if a developer has brains to think).

Of course, no "True Scotsman" would accidentally misuse C string.h API!
https://yourlogicalfallacyis.com/no-true-scotsman

(I will note the irony of my off by one in my v1 implementation of
stpcpy. I've also missed strncpy zeroing the rest of a destination
buffer before. I might not be a "True Scotsman.")

On Thu, Aug 27, 2020 at 11:30 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> I equate "unsafe" or "fragile" with "bad". There's no reason to use our
> brains for remembering what's safe or not when we can just remove unsafe
> things from the available APIs, and/or lean on the compiler to help
> (e.g. CONFIG_FORTIFY_SOURCE).

Having seatbelts is great (i.e. fortify source), but is no substitute for
driving carefully (having proper APIs that help me not shoot my foot
off). I think it's nice to have *both*, but if I drove solely relying on
my seatbelts, we might all be in trouble. Not disagreeing with you, Kees.

--
Thanks,
~Nick Desaulniers
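An added illustration of the two string.h pitfalls the message mentions (where stpcpy's return value must point, and strncpy zero-filling the rest of the destination while not terminating on truncation). This is not code from the thread or from the kernel's lib/string.c; the function names and buffer sizes are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* stpcpy() per POSIX: copy src including its NUL into dst and return a
 * pointer to the NUL just written, so a chained copy resumes at the right
 * byte.  Returning dst + 1 instead would be the classic off-by-one. */
char *example_stpcpy(char *dst, const char *src)
{
	while ((*dst = *src) != '\0') {
		dst++;
		src++;
	}
	return dst;	/* points at the terminator, not one past it */
}

/* Chain two copies and check the terminator sits exactly at
 * strlen(a) + strlen(b) with no gap.  Returns that offset, -1 if the
 * pieces would not fit, -2 if the terminator landed in the wrong place. */
long chained_copy_check(const char *a, const char *b)
{
	char buf[64];
	if (strlen(a) + strlen(b) >= sizeof(buf))
		return -1;
	char *p = example_stpcpy(buf, a);
	p = example_stpcpy(p, b);
	if (*p != '\0' || strlen(buf) != (size_t)(p - buf))
		return -2;
	return p - buf;
}

/* strncpy() pads the remainder of dst with NULs when src is shorter than
 * n.  Copy "ab" into an 8-byte buffer pre-filled with 'X' and count the
 * zero bytes afterwards: every byte past "ab" has been zeroed. */
size_t strncpy_zero_fill_count(void)
{
	char buf[8];
	memset(buf, 'X', sizeof(buf));
	strncpy(buf, "ab", sizeof(buf));
	size_t zeros = 0;
	for (size_t i = 0; i < sizeof(buf); i++)
		if (buf[i] == '\0')
			zeros++;
	return zeros;
}

/* The other edge of strncpy(): when src has n or more bytes, no
 * terminator is written at all.  Returns 1 if the 4-byte destination is
 * NUL-terminated after the copy, 0 if it is not. */
int strncpy_terminated(const char *src)
{
	char buf[4];
	strncpy(buf, src, sizeof(buf));
	return memchr(buf, '\0', sizeof(buf)) != NULL;
}
```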