Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Prach Pongpanich prach...@gmail.com writes: lintian should not complain about hardening for package written in pure Ocaml [0],[1],[2] The problem is, that even pure OCaml contains enough features that may permit arbitrary memory corruptions by an attacker. For instance, String.unsafe_blit

Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 06/03/2013 09:37, Hendrik Tews a écrit : In principle I agree, that programs written in a certain subset of OCaml do not need these hardening features. However, at the moment this safe subset is not even identified... OCaml has a built-in notion of unsafe feature (see ocamlobjinfo output)

Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

OCaml has a built-in notion of unsafe feature (see ocamlobjinfo output) that could serve as a starting point for that. Yes, I tried this on let f b = let a = abcde in let c = Obj.magic b in String.unsafe_blit c 0 a 0 5 For the .cmo, ocamlobjinfo surprisingly

Bug#702349: lintian should not complain about hardening for package written in pure Ocaml

Le 06/03/2013 10:48, Hendrik Tews a écrit : OCaml has a built-in notion of unsafe feature (see ocamlobjinfo output) that could serve as a starting point for that. Yes, I tried this on let f b = let a = abcde in let c = Obj.magic b in String.unsafe_blit c