[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[sr #107522] Use of dangerous/banned functions
|
From: |
Jeffrey Walton |
|
Subject: |
[sr #107522] Use of dangerous/banned functions |
|
Date: |
Wed, 17 Nov 2010 00:09:00 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12 |
Follow-up Comment #1, sr #107522 (project gnutls):
Forgot to mention....
I cited Apple's security guide because the table is compiled (so it offers
copy/paste convenience). Wheeler's security guide says about the same in more
words (Wheeler is more in depth because he also discusses other "safe"
libraries). And Microsoft has a succinct page: Security Development Lifecycle
(SDL) Banned Function Calls,
http://msdn.microsoft.com/en-us/library/bb288454.aspx.
One fellow on [BuqTraq|FunSec|FullDisclosure] summed it up nicely, "there's
no reason to be using strcpy in 2010". (can't find the reference at the
moment).
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107522>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/