[CLUE-Tech] OT: C code security - what to look for?
David Anselmi
anselmi at americanisp.net
Sun Aug 10 16:05:11 MDT 2003
Matt Gushee wrote:
> Hi, all--
>
> Well, this isn't strictly a Linux question,
And I don't strictly have an answer...
> Here I am, the new maintainer of the OCaml interface to GD.
I assume that GD is written in C, and you want to call its functions
from OCaml. I've heard people talk about that before but never
understood how to do it. E.g., you can use the Qt libs from Ada.
Can you post an example, or a pointer to somewhere that explains how to
do this?
> What kinds of problems should I watch for (I know about buffer
> overruns ... what else?)?
Big topic. Really what you want is to write quality code. But if
you're writing an interface, isn't most of the code (and bugs) in the GD
library itself?
I've heard about "Building Secure Software" from Addison Wesley. No
library hits, sadly. There's also "Writing Secure Code" from MS Press
(believe it or not). IIRC I heard about that one from a non-MS source,
FWIW.
Dave
More information about the clue-tech
mailing list