http://llvm.org/bugs/show_bug.cgi?id=11053
Summary: Checker should warn against any use of vfork()
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Created an attachment (id=7391)
--> (http://llvm.org/bugs/attachment.cgi?id=7391)
Patch adds use of vfork() as a security issue.
According to SEI CERT guideline POS33-C[*], vfork(2) should not be used due to
potential denial of service issues and undefined behaviour across different
implementations. The attached patch adds a check to
experimental.security.SecuritySyntactic to detect and report an issue on use of
vfork().
[*]
https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork%28%29
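The call the proposed check would report, next to a fork()-based replacement, as an added example that is not part of the bug report or the attached patch. The names run_child, run_child_vfork and reap, the SHOW_FLAGGED_PATTERN macro and the /bin/sh sample command are assumptions made for illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: wait for the child, return its exit code or -1. */
static int reap(pid_t pid)
{
    int status;
    if (pid < 0)
        return -1;                      /* fork()/vfork() itself failed */
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

#ifdef SHOW_FLAGGED_PATTERN             /* hypothetical macro, off by default */
/* Flagged pattern: the vfork() child may share the parent's memory and
 * stack while the parent is suspended, so anything the child does other
 * than an exec call or _exit() is undefined and varies by platform. */
int run_child_vfork(char *const argv[])
{
    pid_t pid = vfork();                /* the use the check would report */
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    return reap(pid);
}
#endif

/* Replacement: fork() gives the child its own copy of the address space,
 * so the same exec-or-exit logic has defined behaviour. */
int run_child(char *const argv[])
{
    pid_t pid = fork();
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    return reap(pid);
}

int main(void)
{
    /* Constructed sample command: a shell that exits with status 7. */
    char *const argv[] = { "/bin/sh", "-c", "exit 7", NULL };
    return run_child(argv) == 7 ? 0 : 1;
}
```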