The New C11 Standard Explored

C and C++ are members of the same family of languages. The evolutionary boldness of C++ removes some of the marketplace pressure on C; people who are continually pushing for innovation are naturally drawn to the C++ development process.

Each language had a coherent original design (by Dennis Ritchie and Bjarne Stroustrup, respectively), followed by successive refinement in a very competitive marketplace of ideas. Both languages share an extreme concern for performance, with the slogan “don't leave space for a more-efficient systems-programming language underneath our language (C or C++).” However, it's unfair to complain that the original designs assigned too little importance to cybersecurity; both languages pre-date the beginnings of concern for security. But in recent years, as the marketplace has started to emphasize cybersecurity, C and C++ have been responding in several ways.

In early 2002, Bill Gates' famous “battleship-turning” memo made cybersecurity a top goal for Microsoft. About a year later, Microsoft proposed a new “bounds-checking” library to WG14, which eventually became Technical Report 24731-1. It is now part of C11 as the (optional) Annex K. (An almost-final draft of C11 is available here [PDF].)

The C11 Annex K Functions

I'll start my tour of Annex K with the fopen_s function. The main innovation is that files are opened with exclusive (also known as non-shared) access. Furthermore, if the mode string doesn't begin with 'u' (as is the case for code being updated from the older fopen), then, to the extent that the underlying system supports it, the file is given a file permission that prevents other users on the system from accessing it.

In this article, I'll sequentially enumerate the security benefits of these _s functions. The new semantics illustrate the pattern of “least privilege.” This “exclusive” mode was previously available in the POSIX open() function, but the ISO standard for C doesn't standardize system-dependent, low-level I/O. See Robert Seacord's book Secure Coding in C and C++ for a detailed discussion of the various security benefits of the Annex K library.
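As an added example (not code from the article, the C standard, or any Annex K implementation; glibc ships none), here is a small POSIX wrapper that reproduces the fopen_s permission rule just described: a created file gets owner-only permission unless the mode string starts with 'u'. The names fopen_private, created_perm and default_perm are hypothetical, and the exclusive-access part of fopen_s is deliberately left out because POSIX has no direct counterpart.

```c
#define _POSIX_C_SOURCE 200809L   /* for fdopen() under -std=c11 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical POSIX wrapper applying the fopen_s permission rule: when the
 * file is CREATED and the mode string does not start with 'u', request
 * owner-only bits (0600) instead of fopen's 0666; umask applies to both.
 * Exclusive (non-shared) access has no POSIX counterpart; not modelled. */
FILE *fopen_private(const char *path, const char *mode)
{
    int use_default = (mode[0] == 'u');
    const char *m = use_default ? mode + 1 : mode;   /* mode seen by fdopen */
    int flags, rw = strchr(m, '+') != NULL;
    switch (m[0]) {
    case 'r': flags = rw ? O_RDWR : O_RDONLY; break;
    case 'w': flags = (rw ? O_RDWR : O_WRONLY) | O_CREAT | O_TRUNC; break;
    case 'a': flags = (rw ? O_RDWR : O_WRONLY) | O_CREAT | O_APPEND; break;
    default:  errno = EINVAL; return NULL;
    }
    /* The permission argument only matters when O_CREAT creates the file. */
    int fd = open(path, flags, use_default ? 0666 : 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, m);
    if (fp == NULL) close(fd);
    return fp;
}

/* Create `path` fresh with `mode`, then return the resulting permission
 * bits (st_mode & 0777), or -1 on any failure. Used to observe the rule. */
int created_perm(const char *path, const char *mode)
{
    struct stat st;
    unlink(path);                    /* ensure the open() creates the file */
    FILE *fp = fopen_private(path, mode);
    if (fp == NULL) return -1;
    if (fclose(fp) != 0) return -1;
    if (stat(path, &st) != 0) return -1;
    unlink(path);
    return (int)(st.st_mode & 0777);
}

/* What plain fopen(path, "w") would give this process: 0666 & ~umask. */
int default_perm(void)
{
    mode_t u = umask(0); umask(u);   /* read the current umask, then restore */
    return (int)(0666 & ~u);
}
```

With the usual umask of 022, created_perm(path, "w") yields 0600 while created_perm(path, "uw") yields 0644, which is exactly the difference the 'u' prefix controls.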

To read more of this external content, go to “The new C standard explored,” on Dr. Dobbs.
