Patch to execve
Kevin M. Kilbride
kmk at ssl.org
Sun Feb 27 15:46:07 PST 2005
Joerg Sonnenberger wrote:
> const char ** and char ** are not type compatible in ISO C.
> That's IMO a shortcoming in ISO C, but we can't fix it.
Now I see the problem. The C standard does not provide for _objects_ to
be qualifier-promoted. Because of the wording of their qualifier
conversion clause, only pointers can be converted under the standard.
Thus, although a pointer to a target can be converted to add qualifiers,
the target itself must never be.
That is certainly a phenomenal oversight in the C standard, but it also
appears to be a simple fact of life, as Joerg correctly pointed out. I
now fully agree that altering the signatures of library and kernel calls
in any manner that might force callers to rely upon qualifier-conversion
of underlying parameter types would technically break the C standard,
and this should not be done.
Sadly, by the same token, I must also point out that using the
-Wwrite-strings option as part of the WARNS=6 package is dangerous and
should not be done. Since it is not possible to mismatch the qualifier
guarantees between library/kernel routines and user code, forcing
userland code to coerce constant call parameters into non-constant
formal parameters by creating writable temporary copies would produce a
net reduction in system robustness and security.
The documentation for the compiler actually points out the problem with
the write-strings option:
"These warnings will help you find at compile time code that can try to
write into a string constant, but only if you have been very careful
about using const in declarations and prototypes. Otherwise, it will just
be a nuisance; this is why we did not make -Wall request these warnings."
It should be removed from WARNS=6.
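An added C example, not from the thread, illustrating the qualifier conversion the standard permits for an execve-style argv and the one it forbids, and why; the function names are hypothetical.

```c
#include <stddef.h>

/* Added example; names are hypothetical. Reads an argv declared the way
 * POSIX declares execve(2)'s: char *const argv[], i.e. pointer to a
 * const pointer to char. */
static size_t count_args(char *const argv[])
{
    size_t n = 0;
    while (argv[n] != NULL)
        n++;
    return n;
}

/* The conversion ISO C accepts without a cast. Returns the argument count. */
size_t accepted_conversion(void)
{
    char a0[] = "ls", a1[] = "-l";      /* writable copies, not literals */
    char *argv[] = { a0, a1, NULL };    /* decays to char ** */

    /* char ** -> char *const *: const is added to the pointed-to type
     * itself, which 6.3.2.3 permits, so the call is implicit and silent.
     * Had count_args been declared (const char **argv), the same call
     * would add const one level further down, to the target's target,
     * and the compiler would reject it. That is Joerg's point. */
    return count_args(argv);   /* 2 */
}

/* Why the standard refuses char ** -> const char **: with an explicit
 * cast standing in for the forbidden implicit conversion, a pointer that
 * never carried const ends up aliasing an object handed out only through
 * a const-qualified pointer. 'secret' is deliberately non-const so the
 * final write stays well-defined. */
char laundered_write(void)
{
    char secret = 'a';
    char *p = NULL;
    const char **cpp = (const char **)&p;  /* the conversion C forbids */
    *cpp = &secret;   /* looks fine: const char * stored into const char * */
    *p = 'b';         /* but p is a plain char *, so this writes secret */
    return secret;    /* 'b' */
}
```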