To: None <tech-userlevel@NetBSD.ORG>
From: Charles M. Hannum <firstname.lastname@example.org>
Date: 07/27/1998 06:07:25
I probably should have sent some mail about this earlier...
The idea behind `__AUDIT__' is to enforce some restrictions on code
which are not necessarily required, but which are considered good
security practice. The main points are:
1) Disallow the use of certain interfaces which frequently cause
security problems. This includes gets(), tempnam(), etc.
2) Enforce cleaner coding practices by propagating const through
public interfaces. This prevents, e.g., modifying the static
buffers returned by some functions.
The goal is to have the entire NetBSD source tree compile with
__AUDIT__, and perhaps feed back changes to authors of third party
software as well.
So far everything has been fairly straightforward, if tedious.
sendmail may be a bit of a pain, though.
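What a build with `__AUDIT__' enforces, shown as an added C illustration (this is not NetBSD's headers or Hannum's code). The mechanism assumed here for point 1 is the GCC/Clang `#pragma GCC poison', which turns any later mention of gets(), tempnam() or mktemp() into a hard compile error; the helper names audit_getline(), audit_tempfile() and audit_banner(), the bounded-read and mkstemp() replacements, and the sample input are all this example's own. Point 2 is the const-qualified return of audit_banner(): a caller that tries to write into the static buffer fails to compile rather than corrupting shared state.

```c
/*
 * Added example of __AUDIT__-style enforcement.  Not NetBSD's headers:
 * the poison pragma, the helper names and the sample input are assumptions
 * made for this illustration.
 */
#define _POSIX_C_SOURCE 200809L
#define __AUDIT__ 1          /* simulate building the tree with the audit flag */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Point 1: under __AUDIT__ the interfaces that frequently cause security
 * problems disappear.  The GCC/Clang poison pragma (assumed compiler
 * support) makes any later use of these names a compile-time error, so
 * the offending code cannot even be built.  Placed after the system
 * headers so their own prototypes are not affected.
 */
#ifdef __AUDIT__
#pragma GCC poison gets tempnam mktemp
#endif

/*
 * Replacement for gets(): a bounded read that strips the newline and, on a
 * line too long for the buffer, discards the remainder so the next call
 * starts on a fresh line.  Returns bytes stored, or -1 on EOF/error.
 */
ssize_t
audit_getline(char *buf, size_t bufsz, FILE *fp)
{
    if (bufsz == 0 || bufsz > 0x7fffffff || fgets(buf, (int)bufsz, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
    } else if (len == bufsz - 1) {
        int c;                       /* line did not fit: drain it */
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;
    }
    return (ssize_t)len;
}

/*
 * Replacement for tempnam()/mktemp(): mkstemp() creates and opens the file
 * atomically, so there is no window in which an attacker can plant a
 * symlink at a predicted name.  Returns an open descriptor, or -1.
 */
int
audit_tempfile(char *path, size_t pathsz)
{
    static const char tmpl[] = "/tmp/audit.XXXXXX";   /* assumed location */
    if (path == NULL || pathsz < sizeof(tmpl))
        return -1;
    memcpy(path, tmpl, sizeof(tmpl));
    return mkstemp(path);
}

/*
 * Point 2: a routine handing out a static buffer returns it as
 * 'const char *'.  With that qualifier propagated through the public
 * interface,  audit_banner()[0] = 'x';  is rejected by the compiler.
 */
const char *
audit_banner(void)
{
    static char banner[64];
    snprintf(banner, sizeof banner, "audit build: __AUDIT__ is %s",
#ifdef __AUDIT__
        "on");
#else
        "off");
#endif
    return banner;
}

/* Runs audit_getline() over constructed input; returns 1 if every result
 * matches expectations, 0 otherwise.  Constructed data, not real input. */
int
audit_selftest(void)
{
    static const char input[] = "short\nthis line is far too long for the buffer\n";
    char buf[16];
    int ok = 1;
    FILE *fp = fmemopen((void *)input, sizeof(input) - 1, "r");
    if (fp == NULL)
        return 0;
    ok &= audit_getline(buf, sizeof buf, fp) == 5 && strcmp(buf, "short") == 0;
    ok &= audit_getline(buf, sizeof buf, fp) == 15 && strcmp(buf, "this line is fa") == 0;
    ok &= audit_getline(buf, sizeof buf, fp) == -1;   /* overlong line was drained */
    fclose(fp);
    return ok;
}

int
main(void)
{
    char path[32];
    int fd;
    puts(audit_banner());
    printf("selftest: %s\n", audit_selftest() ? "pass" : "fail");
    if ((fd = audit_tempfile(path, sizeof path)) >= 0) {
        printf("temp file: %s\n", path);
        close(fd);
        unlink(path);
    }
    return 0;
}
```

Uncommenting a call to gets() anywhere below the pragma reproduces what the audit flag is meant to catch: the file stops compiling until the call is replaced.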