[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#919682: RFP: safeclib -- safec libc extension with all C11 Annex K functions

Package: wnpp
Severity: wishlist

* Package name    : safeclib
  Version         : 3.4.0
  Upstream Author : Reini Urban rurban@cpan.org
* URL             : https://github.com/rurban/safeclib/
* License         : MIT like
  Programming Lang: C
  Description     : safec libc extension with all C11 Annex K functions

This library implements the secure C11 Annex K functions on top of most libc
implementations, which are missing from them.

The ISO TR24731 Bounds Checking Interface documents indicate that the key
motivation for the new specification is to help mitigate the ever increasing
security attacks, specifically the buffer overrun.

The rationale document says ``Buffer overrun attacks continue to be a security
problem. Roughly 10% of vulnerability reports cataloged by CERT from
01/01/2005 to 07/01/2005 involved buffer overflows. Preventing buffer overruns
is the primary, but not the only, motivation for this technical report.''

The rationale document continues ``that these only mitigate, that is lessen,
security problems. When used properly, these functions decrease the danger
buffer overrun attacks. Source code may remain vulnerable due to other bugs
and security issues. The highest level of security is achieved by building in
layers of security utilizing multiple strategies.''

.The rationale document lists the following key points for TR24731:
- Guard against overflowing a buffer
- Do not produce unterminated strings
- Do not unexpectedly truncate strings
- Provide a library useful to existing code
- Preserve the null terminated string datatype
- Only require local edits to programs
- Library based solution
- Support compile-time checking
- Make failures obvious
- Zero buffers, null strings
- Runtime-constraint handler mechanism
- Support re-entrant code
- Consistent naming scheme
- Have a uniform pattern for the function parameters and return type
- Deference to existing technology

and the following can be added...

- provide a library of functions with like behavior
- provide a library of functions that promote and increase code safety and
- provide a library of functions that are efficient

The C11 Standard adopted many of these points, and added some secure
`_s` variants in the Annex K.  The Microsoft Windows/MINGW secure API
did the same, but deviated in some functions from the standard.
Besides Windows (with its msvcrt, ucrt, reactos msvcrt and wine msvcrt
variants) only the unused stlport, Android's Bionic and Embarcadero
implemented this C11 secure Annex K API so far.  They are still
missing from glibc, musl, FreeBSD, darwin and DragonFly libc, OpenBSD
libc, newlib, dietlibc, uClibc, minilibc.

Reply to: