Prach Pongpanich <[email protected]> writes: lintian should not complain about hardening for package written in pure Ocaml [0],[1],[2]
The problem is, that even pure OCaml contains enough features that may permit arbitrary memory corruptions by an attacker. For instance, String.unsafe_blit has no bounds checks, Obj.magic is an unsafe cast, Marshal.from_channel may break the type system, ... Moreover, it is almost impossible to avoid these unsafe functions, because they are used in the standard library. In principle I agree, that programs written in a certain subset of OCaml do not need these hardening features. However, at the moment this safe subset is not even identified... Bye, Hendrik -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
