Patch to execve

Kevin M. Kilbride kmk at ssl.org
Sun Feb 27 15:46:07 PST 2005


Joerg Sonnenberger wrote:

const char ** and char ** are not type compatible in ISO C.
That's IMO a shortcoming in ISO C, but we can't fix it.
 

Now I see the problem. The C standard does not provide for _objects_ to 
be qualifier-promoted. Because of the wording of their qualifier 
conversion clause, only pointers can be converted under the standard. 
Thus, although a pointer to a target can be converted to add qualifiers, 
the target itself must never be.

That is certainly a phenomenal oversight in the C standard, but it also 
appears to be a simple fact-of-life, as Joerg correctly pointed out. I 
now fully agree that altering the signatures of library and kernel calls 
in any manner that might force callers to rely upon qualifier-conversion 
of underlying parameter types would technically break the C standard, 
and this should not be done.

Sadly, by the same token, I must also point out that using the 
-Wwrite-strings option as part of the WARNS=6 package is dangerous and 
should not be done. Since it is not possible to mismatch the qualifier 
guarantees between library/kernel routines and user code, forcing 
userland code to coerce constant call parameters into non-constant 
formal parameters by creating writable temporary copies would produce a 
net reduction in system robustness and security.

The documentation for the compiler actually points out the problem with 
the write-strings option:

"These warnings will help you find at compile time code that can try to 
write into a string constant, but only if you have been very careful 
about using const in declarations and prototypes. Otherwise, it will just 
be a nuisance; this is why we did not make -Wall request these warnings."

It should be removed from WARNS=6.
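The following is an added example, not code from the original post or from the execve patch under discussion. It illustrates both points above: which qualifier conversions ISO C permits on pointer arguments (so a `char **` cannot be passed to a `const char **` parameter), and what callers end up doing under -Wwrite-strings, where string literals have type `const char[]` and must be copied into writable storage before they can be handed to a `char *` parameter. All function names (`text_len`, `argv_count`, `argv_total_len`, `with_sample_argv`) and the sample argv are hypothetical constructs for this illustration.

```c
/* Added example (hypothetical names), not part of the original post or the
 * execve patch it discusses.  Compiles cleanly with:
 *     cc -std=c99 -Wall -Wextra -Wwrite-strings qualifiers.c
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Level 1: a pointer to T converts implicitly to a pointer to const T.
 * A char * argument becomes const char * here with no cast and no copy. */
static size_t text_len(const char *s)
{
    return strlen(s);
}

/* Level 2: for an argv-style array, the conversion ISO C permits is adding
 * const to the pointer elements (char ** -> char *const *), which is the
 * shape execve(2) already uses.  A char ** argument converts implicitly. */
static size_t argv_count(char *const *argv)
{
    size_t n = 0;
    while (argv[n] != NULL)
        n++;
    return n;
}

/* What the thread says is NOT allowed: adding const to the chars behind two
 * levels of indirection (char ** -> const char **).  If C permitted that
 * implicit conversion, the sequence below would type-check yet end by
 * writing to a const object:
 *
 *     const char   c = 'x';
 *     char        *p;
 *     const char **q = &p;   // the forbidden implicit conversion
 *     *q = &c;               // fine: const char * stored via const char **
 *     *p = 'y';              // but p now aliases c, and p is a plain char *
 *
 * So a const char ** parameter can only receive a char ** through an
 * explicit cast or a writable temporary copy.  The portable alternative is
 * to keep the outer parameter as char *const * and apply const to the
 * characters one level down, as text_len() does. */
static size_t argv_total_len(char *const *argv)
{
    size_t total = 0;
    for (size_t i = 0; argv[i] != NULL; i++)
        total += text_len(argv[i]);   /* char * -> const char *, permitted */
    return total;
}

/* Constructed sample argv.  Under -Wwrite-strings a literal has type
 * const char[], so `char *argv[] = { "ls", "-l", NULL }` warns; the writable
 * copies below are exactly the temporaries the post says -Wwrite-strings
 * forces on callers of non-const interfaces. */
static size_t with_sample_argv(size_t (*fn)(char *const *))
{
    char a0[] = "ls";
    char a1[] = "-l";
    char *argv[] = { a0, a1, NULL };
    return fn(argv);   /* char ** -> char *const *, no cast needed */
}

int main(void)
{
    printf("argc = %zu\n", with_sample_argv(argv_count));       /* 2 */
    printf("total length = %zu\n", with_sample_argv(argv_total_len)); /* 4 */
    return 0;
}
```

Building with -Wwrite-strings and then replacing the `a0`/`a1` arrays with string literals shows the warning the GCC manual quote refers to; building without it shows why the author considers the option a nuisance rather than a protection unless every prototype has been const-qualified consistently.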