Hacker News new | past | comments | ask | show | jobs | submit login

> I can write a safe C++ app on my own >> But only if you don't use any external libraries

using an external library is not "on your own"

Can you use the STL? What boundary is considered trusted?

The point i was making is that such boundary doesn't exist - no one can write everything "on their own".

Therefore, language features to prevent a class of exploits should be a high priority when considering a project.

I can trust the compiler... I hope?

Not at all, check the Linux 5.0 bug introduced by a gcc "optimization" regarding UB.

Use CompCert! (And C instead of C++)

Don't most people link at least with basic libraries to help with I/O and other standard operating system interfaces?

Do many people really use the kernel syscall interface directly?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact