
safestr alpha (Safe C String Library)

From: John Viega <viega(at)securesoftware.com>
Date: Mon Feb 10 2003 - 20:10:18 EST


The first alpha version of the Secure C String Library (safestr) is available at:

http://www.zork.org/safestr.html

Please DO NOT publicize this project while it is in alpha, even though we're making it available under the BSD license.

Feedback is welcome. Send it to myself and Matt Messier (mmessier AT securesoftware.com).

Currently, there is extensive documentation in the README file.



The goal of the safestr library is to provide a rich string-handling library
for C that has safe semantics, yet interoperates with legacy library code in
a straightforward manner. Additionally, porting code that uses standard C
string handling should be straightforward. The library should work on all
modern Unix-like platforms, as well as any post-Win95 Microsoft OS.

The overt security goals of the library are as follows:

  1. Buffer overflows should not be possible when using the API.
  2. Format string problems should be impossible when using the API.
  3. The API should be capable of tracking whether strings are "trusted", a la Perl's taint mode.

The API is meant to provide rich functionality and be easy to use, all the while improving security.


To achieve interoperability with legacy code where you do not have the source or are unwilling to change it, the safestr_t type we define is completely compatible with type char *. That is, you can cast safestr_t objects to char *, and then they will act as a char * in every way. Without the explicit cast, the compiler will generate either a warning or an error (depending on how strict your compiler is).

John

Received on Mon Feb 10 20:19:53 2003
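
The char * compatibility described in the message, as an added sketch that is not safestr's code or API: one way such a type can work is to keep capacity and length in a header placed just before the character data, so the pointer still reads as an ordinary NUL-terminated string while the library's own calls stay bounded. All demo_* names and the header layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not safestr's API or layout. */
typedef struct demo_opaque *demo_str_t;  /* distinct type: use as char * needs a cast */

struct demo_hdr { size_t cap; size_t len; };  /* bookkeeping stored before the bytes */

static struct demo_hdr *hdr_of(demo_str_t s) {
    return (struct demo_hdr *)((char *)s - sizeof(struct demo_hdr));
}

/* Allocate a string with room for cap bytes plus the terminating NUL. */
demo_str_t demo_alloc(size_t cap) {
    if (cap > SIZE_MAX - sizeof(struct demo_hdr) - 1) return NULL;
    struct demo_hdr *h = malloc(sizeof *h + cap + 1);
    if (!h) return NULL;
    h->cap = cap;
    h->len = 0;
    char *data = (char *)(h + 1);
    data[0] = '\0';
    return (demo_str_t)data;
}

/* Bounded append: 0 on success, -1 (string unchanged) if src would not fit. */
int demo_append(demo_str_t dst, const char *src) {
    struct demo_hdr *h = hdr_of(dst);
    size_t n = strlen(src);
    if (n > h->cap - h->len) return -1;
    memcpy((char *)dst + h->len, src, n + 1);  /* copies the NUL as well */
    h->len += n;
    return 0;
}

size_t demo_len(demo_str_t s) { return hdr_of(s)->len; }
void demo_free(demo_str_t s) { if (s) free(hdr_of(s)); }

int main(void) {
    demo_str_t s = demo_alloc(8);
    if (!s) return 1;
    demo_append(s, "alpha");
    int rc = demo_append(s, "-release");          /* 8 more bytes do not fit: rejected */
    int ok = rc == -1 && strlen((char *)s) == 5;  /* legacy call via explicit cast */
    demo_free(s);
    return ok ? 0 : 1;
}
```

Passing `s` to `strlen` without the `(char *)` cast draws an incompatible-pointer diagnostic, which is the warning-or-error behaviour the message describes.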

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT

