How can Autoconf help with the transition to stricter compilation defaults?
Paul Eggert via cfe-commits
cfe-commits at lists.llvm.org
Tue Nov 15 12:27:03 PST 2022
On 2022-11-15 11:27, Jonathan Wakely wrote:
> Another perspective is that autoconf shouldn't get in the way of
> making the C and C++ toolchain more secure by default.
Can you cite any examples of a real-world security flaw what would be
found by Clang erroring out because 'char foo(void);' is the wrong
prototype? Is it plausible that any such security flaw exists?
On the contrary, it's more likely that Clang's erroring out here would
*introduce* a security flaw, because it would cause 'configure' to
incorrectly infer that an important security-relevant function is
missing and that a flawed substitute needs to be used.
Let's focus on real problems rather than worrying about imaginary ones.
More information about the cfe-commits
mailing list