Difference between revisions of "Cpp Coding Standards/SECURITY/UnsafeFunc"
From Apache OpenOffice Wiki
m (Cpp Coding Standards/Security/UnsafeFunc moved to Cpp Coding Standards/SECURITY/UnsafeFunc: consistency) |
B michaelsen (Talk | contribs) |
||
| Line 7: | Line 7: | ||
See also David Wheeler's excellent [http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html Secure Programming for Linux and Unix HOWTO]. | See also David Wheeler's excellent [http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html Secure Programming for Linux and Unix HOWTO]. | ||
| + | [[Category:Coding Standards]] | ||
Latest revision as of 17:13, 14 December 2009
Don't use functions that are known to have security issues:
- strcpy(), strcat(), gets(), sprintf(), and the scanf() family format string problems ([v][f]printf(), [v]snprintf(), and syslog())
- race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()
- potential shell metacharacter dangers (most of the exec() family, system(), popen())
- poor random number acquisition, such as with random()
- when using alloca, limit the amount of memory requested, as it is bound by the stack size.
See also David Wheeler's excellent Secure Programming for Linux and Unix HOWTO.
