
I can write a safe C++ app on my own

But only if you don't use any external libraries. Once you link in someone else's code, you can no longer be sure your program is "safe".




> I can write a safe C++ app on my own
>> But only if you don't use any external libraries

Using an external library is not "on your own".


Can you use the STL? What boundary is considered trusted?


The point I was making is that such a boundary doesn't exist - no one can write everything "on their own".

Therefore, language features to prevent a class of exploits should be a high priority when considering a project.


I can trust the compiler... I hope?



Not at all, check the Linux 5.0 bug introduced by a gcc "optimization" regarding UB.


Use CompCert! (And C instead of C++)


Don't most people link at least with basic libraries to help with I/O and other standard operating system interfaces?

Do many people really use the kernel syscall interface directly?


> once you link in someone else's code, you can no longer be sure your program is "safe"

This also fits in with the "keeping a secret" analogy. Good luck keeping something secret, if it has to be shared between organizations.



