你使用的TR 24731“安全”的功能呢? [英] Do you use the TR 24731 'safe' functions?
问题描述
在ISO C委员会( ISO / IEC JTC1 / SC21 / WG14 )发布<一个HREF =http://www.open-std.org/JTC1/SC22/WG14/www/projects#24731-1> TR 24731-1 并正在研究的TR 24731-2 :
The ISO C committee (ISO/IEC JTC1/SC21/WG14) has published TR 24731-1 and is working on TR 24731-2:
WG14工作在TR上更安全的C库函数。这TR正朝着通过增加一个额外的参数与缓冲区长度修改现有的程序,通常为主。在文件N1225的最新草案。一个理由是在文档N1173。这是成为一个技术报告类型2。
TR 24731-1: Extensions to the C Library Part I: Bounds-checking interfaces
WG14 is working on a TR on safer C library functions. This TR is oriented towards modifying existing programs, often by adding an extra parameter with the buffer length. The latest draft is in document N1225. A rationale is in document N1173. This is to become a Technical Report type 2.
WG14工作在TR上更安全的C库函数。这TR朝使用动态分配的,而不是为缓冲区长度一个额外的参数新的方案为主。在文件N1337的最新草案。这是成为一个技术报告类型2。
WG14 is working on a TR on safer C library functions. This TR is oriented towards new programs using dynamic allocation instead of an extra parameter for the buffer length. The latest draft is in document N1337. This is to become a Technical Report type 2.
- 请您使用库或编译器支持的功能TR24731-1?
- 如果是这样,它的编译器或库和平台(S)上?
- 你有没有发现任何错误的修复您的code使用这些函数的结果?
- 哪些功能可以提供最大的价值?
- 是否有任何不提供值或负值?
- 您是否计划使用图书馆的未来?
- 您跟踪TR24731-2工作在所有
推荐答案
我一直自成立以来,这些红素直言不讳的批评(当它是一个单一的TR),并在我的任何软件永远不会使用它们。他们掩盖症状,而不是解决的原因,这是我认为,如果有什么他们将不得不在软件设计上产生负面影响,因为它们提供安全的错觉,而不是促进,能够更有效地完成同样的目标,现行做法。我并不孤单,其实我不是委员会制定这些红素之外意识到一个主要支持者的。
I have been a vocal critic of these TRs since their inception (when it was a single TR) and would never use them in any of my software. They mask symptoms instead of addressing causes and it is my opinion that if anything they will have a negative impact on software design as they provide a false sense of security instead of promoting existing practices that can accomplish the same goals much more effectively. I am not alone, in fact I am not aware of a single major proponent outside of the committee developing these TRs.
我使用的glibc,因此知道我将不得不处理这个废话,因为乌尔里希Drepper,对于glibc的维护者铅,的说的话题:
I use glibc and as such know that I will be spared having to deal with this nonsense, as Ulrich Drepper, lead maintainer for glibc, said about the topic:
建议的安全(R)ISO C库
未能解决完全发出。
...提议作出的生活
程序员更难不会
帮帮我。但是,这到底是什么
提出。 ......他们都需要更多的
要做的工作,或只是普通的
傻了。
The proposed safe(r) ISO C library fails to address to issue completely. ... Proposing to make the life of a programmer even harder is not going to help. But this is exactly what is proposed. ... They all require more work to be done or are just plain silly.
他接着细节问题与一些建议的功能,在其他地方也表示,glibc的绝不会支持这一点。
He goes on to detail problems with a number of the proposed functions and has elsewhere indicated that glibc would never support this.
奥斯汀组(负责维护POSIX)提供的TR可用一个非常严格的审查,他们的意见和委员会的反应的here 。奥斯汀组评审做了很好的工作,详细说明了许多与TR的问题,所以我不会在这里赘述了个人资料。
The Austin Group (responsible for maintaining POSIX) provided a very critical review of the TR, their comments and the committee responses available here. The Austin Group review does a very good job detailing many of the problems with the TR so I won't go into individual details here.
因此,底线是:我不使用支持或将支持这一个实现,我不打算使用过这些功能,我看到在TR没有正面价值。我个人认为,唯一的原因,TR仍然是任何形式的活着,因为它正在力推由微软谁最近被证明是非常能够把事情撞向虽然标准委员会,尽管宽-S $ P $垫反对。如果这些功能是不断规范我不认为这么做,他们将成为有史以来广泛用作该提案已经出现了好几年,并未能获得任何真正的社会的支持。
So the bottom line is: I don't use an implementation that supports or will support this, I don't plan on ever using these functions, and I see no positive value in the TR. I personally believe that the only reason the TR is still alive in any form is because it is being pushed hard by Microsoft who has recently proved very capable of getting things rammed though standards committees despite wide-spread opposition. If these functions are ever standardized I don't think they will ever become widely used as the proposal has been around for a few years now and has failed to garner any real community support.
这篇关于你使用的TR 24731“安全”的功能呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
