Getting rid of insecure C function calls

by Jacek Artymiak

Related link: http://www.deadly.org/article.php3?sid=20030407005629



Jose at the OpenBSD Journal informs us that the OpenBSD team is on another code pruning trip.



So, if you want to learn how to replace dangerous standard C library functions (strcpy, strcat, sprintf and friends) with their bounds-checking equivalents (which is not always as simple as cut and paste, because the replacement's return value has to be checked for truncation), watch the source-changes mailing list for information on such modifications and read the relevant diffs. That's probably the best coaching in using safe function calls you can get for free :-)
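To show what such a diff typically looks like, and why it is more than cut and paste, here is an added example (it is not from the OpenBSD tree or from this post). It builds a string into a fixed-size buffer first with strcpy/strcat, then with strlcpy/strlcat, and finally with snprintf. Because strlcpy(3)/strlcat(3) are not available in every libc, the example carries a small reimplementation of their documented OpenBSD semantics under the assumed names portable_strlcpy and portable_strlcat; the function names build_greeting, build_greeting_unsafe and format_record and the sample inputs are likewise invented for the example.

```c
#include <stdio.h>
#include <string.h>

/* Reimplementation of OpenBSD strlcpy(3) semantics (assumed name, so it
 * compiles on libcs that lack strlcpy): copy at most dsize-1 bytes, always
 * NUL-terminate when dsize > 0, and return strlen(src) so the caller can
 * detect truncation by comparing the result against dsize. */
static size_t portable_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);

    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Reimplementation of OpenBSD strlcat(3) semantics (assumed name): append
 * src to the NUL-terminated dst, never writing past dsize bytes in total,
 * and return the length the full string would have had. */
static size_t portable_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;

    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)              /* dst is not NUL-terminated within dsize */
        return dsize + strlen(src);
    return dlen + portable_strlcpy(dst + dlen, src, dsize - dlen);
}

/* "Before": the classic pattern that overflows `out` as soon as the name is
 * longer than the buffer allows. Kept only for comparison; never call it
 * with untrusted input. */
void build_greeting_unsafe(char *out, const char *name)
{
    strcpy(out, "Hello, ");
    strcat(out, name);
}

/* "After": same job with bounded copies. Swapping the calls alone would only
 * turn an overflow into silent truncation; the return-value checks are what
 * make the replacement correct. Returns 0 on success, -1 if the result did
 * not fit (out is still NUL-terminated and holds the truncated prefix). */
int build_greeting(char *out, size_t outsz, const char *name)
{
    if (portable_strlcpy(out, "Hello, ", outsz) >= outsz)
        return -1;
    if (portable_strlcat(out, name, outsz) >= outsz)
        return -1;
    return 0;
}

/* The sprintf -> snprintf replacement needs the same discipline: snprintf
 * returns the length it wanted to write, so a value >= outsz means
 * truncation and a negative value means an encoding error. */
int format_record(char *out, size_t outsz, const char *user, int uid)
{
    int n = snprintf(out, outsz, "%s:%d", user, uid);

    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    char buf[16];   /* deliberately small to make truncation visible */

    /* constructed sample inputs */
    printf("%d \"%s\"\n", build_greeting(buf, sizeof buf, "Bob"), buf);
    printf("%d \"%s\"\n", build_greeting(buf, sizeof buf, "Bartholomew"), buf);
    printf("%d \"%s\"\n", format_record(buf, sizeof buf, "alice", 1000), buf);
    printf("%d \"%s\"\n", format_record(buf, sizeof buf, "averylongusername", 1000), buf);
    return 0;
}
```

The point to take from the diff-reading exercise is in build_greeting: a mechanical strcpy to strlcpy substitution compiles and stops the overflow, but the program then continues with a silently shortened string, which is why the OpenBSD changes almost always add a check on the returned length as well.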



Another place to look for good secure programming information is the Secure Programming for Linux and Unix HOWTO by David A. Wheeler.



Also, there is a very good book on the subject, Building Secure Software by John Viega and Gary McGraw, which should be essential reading for all programmers.