Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks

Dukc ajieskola at gmail.com
Wed Dec 9 15:42:27 UTC 2020


On Wednesday, 9 December 2020 at 13:25:49 UTC, Timon Gehr wrote:
> On 09.12.20 12:46, Dukc wrote:
>> 
>> It might have some benefit: If non-annotated C libraries are 
>> considered `@safe`, it'll mean that not-so-quality code is 
>> using compromised `@safe`. Bad. But if they are considered 
>> `@system`, not-so-quality code will not be using `@safe` AT 
>> ALL. Even worse.
>
> That's a bit like saying it's bad if products produced using 
> slave labour don't get a fair trade label.

You're thinking `@safe` as a certificate. It can definitely help 
in doing certifying reviews, but it's also supposed to be a tool 
to catch mistakes - for all code, not just for code that wants to 
certify. That it won't catch mistakes from using the C code does 
not prevent it from catching other unrelated mistakes. That's 
still better than nothing if we don't pretend that the C headers 
are certified.

One can still add a comment to describe why the code is annotated 
`@safe` or `@trusted`.




More information about the Digitalmars-d mailing list