Kelsey said:
[snips]
Good point, but there are unfortunately quite a few semi-educated chimps
out there writing code.
There are, indeed.
I suppose one could argue the warning is
there in hope that those who need it would try to find out *why* strcpy
is unsafe or how to use it properly. Or perhaps they'd just be
persuaded to use strcpy_s or gets_s as an alternative. Better than just
blindly churning out bad code -- not everyone's an expert, I'm afraid.
For those of us who already know better, we can just suppress or ignore
that particular warning, right?
I think the problem with this - for me, at least - is it's attempting to
do the Wrong Thing, yet make it appear to be the Right Thing.
One can try to make a language "safe", remove all the potentially risky
constructs, check and validate everything, hand-hold at every possible
opportunity and so forth, but what is the result of this?
I tend to think it's going to be a lot of even *worse* code, written by
people who rely on the compiler or language to spot the flaws rather than
applying good practices, while the actual good programmers get stuck with
tools that, once useful, are now crippled to the point of uselessness.
You can't prevent bad coders writing bad code; you *can*, however, make
the languages or tools so bad that good coders can no long write good code
with them.
This is a valid point of view, but as always in these things, it depends
on many other factors if it is applicable or not.
Why you do not build big systems in assembly language?
Because the abstraction level is so low, that even careful programmers
have a difficult time avoiding mistakes.
Usage of bad tools can be compensated by the programmer, but they will
eventually provoke an error. Eeven if the programmer is good at his/her
job, he/she is human, and hence mistakes are unavoidable.
A good language gives tools that are not foolproof, but that help
avoid mistakes.
Robert Seacord, of CERT, says about strcpy:
(article in Dr Dobbs, Oct 1st, 2005)
<quote>
Standard Library string functions like strcpy() are not considered
secure by today's standards. The Managed String Library is one possible
solution.
Robert C. Seacord is Senior Vulnerability Analyst for CERT/CC and author
of Secure Coding in C and C++ (Addison-Wesley, 2005). He can be reached
at (e-mail address removed).
Strings—such as command-line arguments, environment variables, and
console input—are of special concern in secure programming because they
account for most of the data exchanged between an end user and a
software system. Graphic and web-based applications make extensive use
of text input fields and, because of standards like XML, data exchanged
between programs is increasingly in string form as well. As a result,
weaknesses in string representation, string management, and string
manipulation have led to a broad range of software vulnerabilities and
exploits.
Many of the vulnerabilities in existing C code result from interactions
with standardized library calls that, by today's standards, would no
longer be considered secure (strcpy(), for example). Unfortunately,
because these functions are standard, they continue to be supported and
developers continue to use them—often to detrimental effect.
<end quote>
The article goes on, pointing several of the many bugs you can build
into your code by using strcpy. It makes for a good read.
jacob
