search for: securecod

...Cannot load plugin ./dragonegg.so >> dlopen(./dragonegg.so, 10): Symbol not found: _classify_argument > > looks like you forgot to apply the i386_static.diff patch to gcc. > > Ciao, > > Duncan. Duncan, Doesn't i386_static.diff represent a violation of... https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications since it first declares a function as extern and then redefines it locally? Jack

...a disgusting dead > non-countable loop in my way. Perhaps Duncan will give you a proper keyword to search in GCC/LLVM ML archieve. I found a page [1], and iiuc, the C standard allow the implementation (i.e., the compiler) to remove such empty infinite loop. Regards, chenwj [1] https://www.securecoding.cert.org/confluence/display/seccode/MSC40-C.+Do+not+use+an+empty+infinite+loop -- Wei-Ren Chen (陳韋任) Computer Systems Lab, Institute of Information Science, Academia Sinica, Taiwan (R.O.C.) Tel:886-2-2788-3799 #1667 Homepage: http://people.cs.nctu.edu.tw/~chenwj

...0x00000000008f1031 in BackendStartup () #28 0x00000000008f70e0 in PostmasterMain () #29 0x00000000007f63da in main () I googled and found below info maybe useful to fix it: The best way to avoid this kind of deadlock is to Call only asynchronous-safe functions within signal handlers. https://www.securecoding.cert.org/confluence/display/c/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers Thanks a lot. [[alternative HTML version deleted]]

Hi Jack, > Doesn't i386_static.diff represent a violation of... > > https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications > > since it first declares a function as extern and then > redefines it locally? I don't think so. "Redefines it locally" is not the same as giving it inte...

We want to modify the aforementioned check so that it does not flag the exceptions that aren't nothrow copy constructible/assignable. This page http://clang.llvm.org/extra/clang-tidy/#using-clang-tidy tells me to dump the configs of all the checks using %clang-tidy -checks=* -dump-config but it does not mention the cert-err60-cpp. How do I modify the configuration of this check so that it

I do some google, I cannot find the answer... I check C std, I cannot find answer either. Delete infinite empty loop is boring, but if C/C++ lawyers could tell it is safe to to so, it would obviate the need to prove a non-countable loop infinite or not before DCE can delete it. That is the answer I'm waiting for to delete a disgusting dead non-countable loop in my way. On 11/14/2012

...in my way. > Perhaps Duncan will give you a proper keyword to search in GCC/LLVM > ML archieve. I found a page [1], and iiuc, the C standard allow the > implementation (i.e., the compiler) to remove such empty infinite loop. > > Regards, > chenwj > > [1] > https://www.securecoding.cert.org/confluence/display/seccode/MSC40-C.+Do+not+use+an+empty+infinite+loop >

...gt; #29 0x00000000007f63da in main () > > > I googled and found below info maybe useful to fix it: The > best way to > avoid this kind of deadlock is to Call only > asynchronous-safe functions > within signal handlers. > > https://www.securecoding.cert.org/confluence/display/c/SIG30-C.+Call+only+a > synchronous-safe+functions+within+signal+handlers > > Thanks a lot. > > ? ? ? ? [[alternative HTML version deleted]] > > ______________________________________________ > R-help at r-project.org mailing list...

On Tue, Apr 13, 2010 at 04:06:45PM +0200, Duncan Sands wrote: > Hi Jack, > >> Doesn't i386_static.diff represent a violation of... >> >> https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications >> >> since it first declares a function as extern and then >> redefines it locally? > > I don't think so. "Redefines it locally" is not the s...

I thought I'd write a small guide to what Dovecot's "secure coding techniques" are and how you'd use them: http://dovecot.fi/doc/securecoding.txt

[This github thread is annoying to follow. I've switched over to the mailing list] On Thu, Nov 07, 2013 at 02:47:04AM -0800, Markus Elfring wrote: > Would you like to avoid that this software will be built on > [undefined > behaviour](https://www.securecoding.cert.org/confluence/display/seccode/CC.+Undefined+Behavior#CC.UndefinedBehavior-ub_106 > "Changes for source code which might cause undefined behaviour?")? Does it actually cause any problem? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones...

Hi Jack, > bash-3.2$ gcc-4 hello.c -S -O1 -o - -fplugin=./dragonegg.so > cc1: error: Cannot load plugin ./dragonegg.so > dlopen(./dragonegg.so, 10): Symbol not found: _classify_argument looks like you forgot to apply the i386_static.diff patch to gcc. Ciao, Duncan.

...cot-ldap.conf /usr/share/doc/dovecot-1.0/examples/dovecot-sql.conf /usr/share/doc/dovecot-1.0/examples/mkcert.sh /usr/share/doc/dovecot-1.0/index.txt /usr/share/doc/dovecot-1.0/mail-storages.txt /usr/share/doc/dovecot-1.0/multiaccess.txt /usr/share/doc/dovecot-1.0/nfs.txt /usr/share/doc/dovecot-1.0/securecoding.txt /usr/share/doc/dovecot-1.0/variables.txt /var/cache/dovecot /var/cache/dovecot/indexes /var/run/dovecot /var/run/dovecot/login

Working on setting up dovecot and having trouble logging in. I get an error in logs (below) indicating Operation not Permitted. auth_debug doesn't help. Ideas? # dovecot --version 1.1.7 # dovecot -n # 1.1.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.29-gentoo-r5 i686 Gentoo Base System release 1.12.11.1 listen: *,[::] ssl_cert_file: /etc/ssl/dovecot/server.pem ssl_key_file:

I'm trying to help someone with Dovecot, and it looks like this one is a few versions behind. They say that they're not sure if it was installed Via an RPM or a source tarball. Dovecot is use MySQL. This is a RHEL5 server. There are RPMs listed as installed (rpm -qa) but I don't know how I can tell what was used to install the currently used set up. (also asking on the Postifix list)

On Sat, Apr 10, 2010 at 08:29:07PM -0500, Peter O'Gorman wrote: > On 04/10/2010 08:01 PM, Jack Howarth wrote: > > > > > bash-3.2$ GCC=/sw/bin/gcc-4 CC=gcc-4 CXX=g++-4 CFLAGS=-I/sw/include CXXFLAGS=-I/sw/include LLVM_CONFIG=/sw/lib/llvm/bin/llvm-config make > > g++-4 -c -I/sw/lib/llvm/include -D_DEBUG -D_GNU_SOURCE -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -MD