On Fri, Aug 28, 2020 at 1:26 AM Kees Cook keescook@chromium.org wrote:
> On Thu, Aug 27, 2020 at 11:05:42PM +0300, Andy Shevchenko wrote:
> > In general it's better to have a robust API, but what may go wrong with an interface where no buffer length is passed, but we all know that it's PAGE_SIZE? So, what's wrong with doing something like strcpy(buf, "Yes, we know we won't overflow here\n");
> (There's a whole thread[1] about this right now, actually.)
> The problem isn't the uses where it's safe (obviously), it's about the uses where it is NOT safe. (Or _looks_ safe but isn't.) In order to eliminate bug classes, we need to remove the APIs that are foot-guns. Even if one developer never gets it wrong, others might.
> [1] https://lore.kernel.org/lkml/c256eba42a564c01a8e470320475d46f@AcuMS.aculab.c...
Seems to me that this is a fixation on an abstract problem that never exists (of course, if a developer has brains to think).
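As an added example, not code from this thread or from the kernel, here is a user-space model of the "looks safe but isn't" case the discussion turns on: a sysfs-style show() callback whose source string is a runtime value rather than a literal, copied into a PAGE_SIZE buffer through a bounded helper. kstrscpy() models the kernel strscpy() contract as an assumption (copy at most size-1 bytes, always NUL-terminate, return the copied length or -E2BIG on truncation); name_show(), the PAGE_SIZE value and the demo inputs are constructed here.

```c
/* Added example: bounded copy in a sysfs-like show() callback. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE 4096   /* assumption: the usual sysfs show() buffer size */

/* Model of the kernel strscpy() contract (an assumption, not kernel code):
 * copies at most size-1 bytes, always NUL-terminates when size > 0,
 * returns the number of bytes copied or -E2BIG if src had to be cut. */
static long kstrscpy(char *dst, const char *src, size_t size)
{
    size_t len;
    if (size == 0)
        return -E2BIG;
    len = strnlen(src, size);
    if (len == size) {            /* src does not fit: truncate and report */
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);    /* includes the terminating NUL */
    return (long)len;
}

/* A show() callback whose source is a runtime string (say a name that came
 * from firmware or a module parameter). Unlike a literal, nothing ties its
 * length to PAGE_SIZE, so strcpy() here would only look safe. The bounded
 * copy cannot overflow and lets the caller see truncation as an error. */
static long name_show(char *buf, const char *name)
{
    long n = kstrscpy(buf, name, PAGE_SIZE);
    if (n < 0)
        return n;                 /* -E2BIG instead of silent corruption */
    if ((size_t)n + 1 < PAGE_SIZE) {
        buf[n++] = '\n';          /* sysfs convention: trailing newline */
        buf[n] = '\0';
    }
    return n;
}

/* Constructed inputs for a stand-alone run: a short name and an oversized one. */
static char page[PAGE_SIZE];
static char oversized[PAGE_SIZE + 16];

long demo_short(void) { return name_show(page, "eth0"); }

long demo_truncated(void)
{
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    return name_show(page, oversized);
}
```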