On Sun, 3 Dec 2017, Theo de Raadt wrote:

> > EFAULT is kinda interesting in that POSIX documents its existence but
> > does not require it to ever be returned. Here's what POSIX says
> > normatively: ...
>
> POSIX is a wimpy subset of UNIX, specified so unstrictly that it
> becomes difficult to build secure software upon the foundation.

Sure, but I wouldn't point to its (non-)specification of EFAULT as part of that.

> I believe if you don't teach people the need for strict careful
> specifications -- by example -- then don't be surprised they don't learn
> the lessons elsewhere, and their results are chaotic and fragile.

Even when standards specify strict behavior, getting a sufficient fraction of the ecosystem onto implementations that actually _do_ that, sufficient to have the desired effect on software development practice, is something we--the software economy--have not figured out how to accomplish. The incentive structures push the wrong way: first-to-market gains, risk and cost shifting that reduce the downside of insecure or non-compliant implementations, etc. To fix the ecosystem, the flow of benefits has to stop favoring those who take shortcuts in security/safety/compliance.

Philip