Re: improved C1X security
- From: Richard Heathfield <rjh@xxxxxxxxxxxxxxx>
- Date: Tue, 12 Aug 2008 19:13:56 +0000
Robert Seacord said:
Keith,

Response below:

encode_pointer(), decode_pointer() - useful in eliminating attack
vectors

Can you explain just what these are supposed to do?

There will be a paper on these functions in the WG14 mailing, which
should be out any moment now.

I wasn't planning on proposing these (as they were already being
proposed). I listed them as an example of what I was talking about.

We have a short write up on these functions in The CERT C Secure Coding
Standard here if you want to read more now:

https://www.securecoding.cert.org/confluence/display/seccode/MSC16-C.+Consider+encrypting+function+pointers

Not so long ago I started reviewing the "CERT C" stuff in painstaking
detail, posting the results here (and on my site), but I got so little
feedback from the authors that I stopped bothering.
In general, I was disappointed with the "CERT C" document, and I don't know
of any reason why anything should suddenly have changed for the better.
--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999