The New C11 Standard Explored
C and C++ are members of the same family of languages. The evolutionary boldness of C++ removes some of the marketplace pressure on C; people who are continually pushing for innovation are naturally drawn to the C++ development process.
Each language had a coherent original design (by Dennis Ritchie and Bjarne Stroustrup, respectively), followed by successive refinement in a very competitive marketplace of ideas. Both languages share an extreme concern for performance, with the slogan “don't leave space for a more-efficient systems-programming language underneath our language (C or C++).” However, it's unfair to complain that the original designs assigned too little importance to cybersecurity; both languages pre-date the beginnings of concern for security. But in recent years, as the marketplace has started to emphasize cybersecurity, C and C++ have been responding in several ways.
In early 2002, Bill Gates' famous “battleship-turning” memo made cybersecurity a top goal for Microsoft. About a year later, Microsoft proposed a new “bounds-checking” library to WG14, which eventually became Technical Report 24731-1. It now is part of C11 as the (optional) Annex K. (An almost-final draft of C11 is available here [PDF].)
The C11 Annex K Functions
I'll start my tour of Annex K with the fopen_s function. The main innovation is that files are opened with exclusive (also known as non-shared) access. Furthermore, if the mode string doesn't begin with 'u' (such as with code being updated from the older fopen), then to the extent that the underlying system supports it, the file gets a file permission that prevents other users on the system from accessing the file.
In this article, I'll sequentially enumerate the security benefits of these _s functions. The new semantics illustrate the pattern of “least privilege.” This “exclusive” mode was previously available in the POSIX open() function, but the ISO standard for C doesn't standardize system-dependent, low-level I/O. See Robert Seacord's book Secure Coding in C and C++ for detailed discussion of these various security benefits of the Annex K library.
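Since Annex K is optional and many C libraries do not ship fopen_s, the following added example (not code from the article or from any standard library) emulates its file-permission rule on top of the POSIX open() and fdopen() calls the article mentions: a mode string without a leading 'u' creates the file owner-only (0600), a leading 'u' falls back to the usual umask-governed permissions, and null arguments are rejected in the style of an Annex K runtime constraint. The function name annexk_style_fopen is this example's own; the share-deny ("non-shared") behaviour is not emulated because POSIX has no equivalent.

```c
/* Emulation of the Annex K fopen_s permission rule using POSIX calls.
 * Handles "r", "w", "a" with optional "+" and "b", plus the leading 'u'
 * that Annex K uses to request default (non-restricted) permissions. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int annexk_style_fopen(FILE **fp, const char *name, const char *mode)
{
    /* Runtime-constraint checks: reject null pointers instead of
     * dereferencing them, and leave *fp null on any failure. */
    if (fp == NULL)
        return EINVAL;
    *fp = NULL;
    if (name == NULL || mode == NULL)
        return EINVAL;

    /* A leading 'u' means "use the normal umask-governed permissions". */
    int restrict_perms = 1;
    if (*mode == 'u') {
        restrict_perms = 0;
        mode++;
    }

    int flags;
    switch (*mode) {
    case 'r': flags = O_RDONLY; break;
    case 'w': flags = O_WRONLY | O_CREAT | O_TRUNC; break;
    case 'a': flags = O_WRONLY | O_CREAT | O_APPEND; break;
    default:  return EINVAL;
    }
    if (strchr(mode + 1, '+') != NULL)
        flags = (flags & ~(O_RDONLY | O_WRONLY)) | O_RDWR;

    /* Without 'u', a newly created file is owner read/write only, so other
     * users cannot read it even if the process umask is permissive. */
    mode_t perms = restrict_perms
        ? (S_IRUSR | S_IWUSR)
        : (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
    int fd = open(name, flags, perms);
    if (fd < 0)
        return errno;
    *fp = fdopen(fd, mode);
    if (*fp == NULL) {
        int saved = errno;
        close(fd);
        return saved;
    }
    return 0;
}
```

The return value follows the errno_t convention of Annex K: zero on success, otherwise the error code.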
To read more of this external content, go to “The new C standard explored,” on Dr. Dobb's.