On Thu, Aug 27, 2020 at 1:59 AM Andy Shevchenko andy.shevchenko@gmail.com wrote:
> strcpy() is not a bad API for the cases when you know what you are doing. The problem is that most of the developers do not know what they are doing. No need to split everything into bad and good by its name or semantics; each API has its own pros and cons, and programmers must use their brains.
On Fri, Aug 28, 2020 at 1:17 AM Andy Shevchenko andy.shevchenko@gmail.com wrote:
> Seems to me that this is a fixation on an abstract problem that never exists (of course, if a developer has brains to think).
Of course, no "True Scotsman" would accidentally misuse the C string.h API! https://yourlogicalfallacyis.com/no-true-scotsman

(I will note the irony of my off-by-one in my v1 implementation of stpcpy. I've also missed strncpy zeroing the rest of a destination buffer before. I might not be a "True Scotsman.")
On Thu, Aug 27, 2020 at 11:30 AM Kees Cook keescook@chromium.org wrote:
> I equate "unsafe" or "fragile" with "bad". There's no reason to use our brains for remembering what's safe or not when we can just remove unsafe things from the available APIs, and/or lean on the compiler to help (e.g. CONFIG_FORTIFY_SOURCE).
Having seatbelts is great (i.e. fortify source), but it is no substitute for driving carefully (having proper APIs that help me not shoot my foot off). I think it's nice to have *both*, but if I drove solely relying on my seatbelts, we might all be in trouble. Not disagreeing with you, Kees.
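The two string.h pitfalls named in the thread, the stpcpy return-pointer off-by-one and strncpy's zero padding and non-termination, are easy to state but easier to get wrong. The following is an added example written for this thread, not code from the kernel patch series under discussion: a reference stpcpy (ref_stpcpy, a name chosen here) that returns a pointer to the copied NUL rather than one past it, plus small probe functions that make strncpy's behaviour observable. Buffer sizes and the 0xAA sentinel are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reference stpcpy (hypothetical name): copy src, including its NUL, into dst
 * and return a pointer to that NUL in dst. Returning dst + strlen(src) (the
 * NUL) rather than dst + strlen(src) + 1 is exactly the off-by-one a chained
 * copy depends on: the next copy must start *at* the NUL so it overwrites it. */
char *ref_stpcpy(char *dst, const char *src)
{
    while ((*dst = *src) != '\0') {
        dst++;
        src++;
    }
    return dst; /* points at the terminating NUL, not past it */
}

/* Bytes written before the NUL, derived only from the returned pointer.
 * For "abc" this must be 3; a return of dst + 4 would report 4. */
size_t stpcpy_written(const char *src)
{
    char buf[64]; /* assumes strlen(src) < 64 */
    char *end = ref_stpcpy(buf, src);
    return (size_t)(end - buf);
}

/* Chain two copies the way stpcpy is meant to be used and return the
 * resulting string length. With the correct return value this is
 * strlen(a) + strlen(b); with an off-by-one the NUL of a would survive
 * and strlen() would stop at strlen(a). */
size_t stpcpy_join_len(const char *a, const char *b)
{
    char buf[64]; /* assumes strlen(a) + strlen(b) < 64 */
    ref_stpcpy(ref_stpcpy(buf, a), b);
    return strlen(buf);
}

/* Fill a buffer with a sentinel, strncpy n bytes into it, and count how many
 * bytes after the source's NUL were overwritten with zeros. strncpy pads the
 * remainder, so for "abc" with n == 16 this is 13. Returns 0 for n > 64. */
size_t strncpy_zero_pad(const char *src, size_t n)
{
    char buf[64];
    size_t i, zeros = 0;
    size_t len = strlen(src);

    if (n > sizeof buf)
        return 0;
    memset(buf, 0xAA, sizeof buf);
    strncpy(buf, src, n);
    for (i = (len < n ? len : n); i < n; i++)
        if (buf[i] == '\0')
            zeros++;
    return zeros;
}

/* The other strncpy surprise: if src has n or more characters, no NUL is
 * written at all. Returns 1 if buf[n-1] is a NUL after the copy, else 0. */
int strncpy_terminated(const char *src, size_t n)
{
    char buf[64];

    if (n == 0 || n > sizeof buf)
        return 0;
    memset(buf, 0xAA, sizeof buf);
    strncpy(buf, src, n);
    return buf[n - 1] == '\0';
}

int main(void)
{
    printf("stpcpy(\"abc\") wrote %zu bytes\n", stpcpy_written("abc"));
    printf("join(\"foo\", \"bar\") length %zu\n", stpcpy_join_len("foo", "bar"));
    printf("strncpy(\"abc\", 16) zero-padded %zu bytes\n", strncpy_zero_pad("abc", 16));
    printf("strncpy of 16-char source into 16 bytes terminated: %d\n",
           strncpy_terminated("0123456789abcdef", 16));
    return 0;
}
```

The zero-padding probe is the behaviour worth remembering when strncpy is used as a "bounded strcpy": it always touches all n bytes, which costs time on large buffers and, separately, gives no NUL when the source fills the buffer exactly.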