Web lists-archives.com

Re: [Mingw-users] Secure crt functions not in header files




On Thursday, May 25, 2017 1:45 PM, Keith Marshall wrote:
> On 25/05/17 16:44, John Brown wrote:
> I see that functions such as printf_s described at
> https://docs.microsoft.com/en-us/cpp/c-runtime-library/security-features-in-the-crt
> are present in /mingw/lib/libmsvcr80.a but I cannot find them in any
> MinGW header file (at least not in /mingw/include/*.h). Is there a
> particular reason for that?
>
> Perhaps because no one has been sufficiently taken in by Microsoft's
> lies, (in what way do such functions provide added security?  What user
> authentication mechanisms do they provide?), to be bothered to submit
> patches to add them.

The section entitled "Additional Security Features" at the link that I
provided explains what is more secure about these functions. It seems
to be mainly about avoiding buffer overruns as opposed to user
authentication.

> Realistically, the only security related aspect of the majority of such
> functions is that they secure an increased level of Microsoft lock-in; I
> am not enthusiastic about encouraging their use.

If you feel so strongly about it, then surely you should exclude these
functions from the import libraries? I only asked because they were
in the libraries but not in the header files.

Regards,
John Brown.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
MinGW-users mailing list
MinGW-users@xxxxxxxxxxxxxxxxxxxxx

This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same.  Disregard for the list etiquette may cause your account to be moderated.

_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:mingw-users-request@xxxxxxxxxxxxxxxxxxxxx?subject=unsubscribe