DragonFly BSD
DragonFly submit List (threaded) for 2005-02

Re: Patch to execve


From: "Kevin M. Kilbride" <kmk@xxxxxxx>
Date: Sun, 27 Feb 2005 15:45:39 -0800

Joerg Sonnenberger wrote:

const char ** and char ** are not type compatible in ISO C.
That's IMO a shortcoming in ISO C, but we can't fix it.



Now I see the problem. The C standard does not provide for _objects_ to be qualifier-promoted. Because of the wording of their qualifier conversion clause, only pointers can be converted under the standard. Thus, although a pointer to a target can be converted to add qualifiers, the target itself must never be.


That is certainly a phenomenal oversight in the C standard, but it also appears to be a simple fact-of-life, as Joerg correctly pointed out. I now fully agree that altering the signatures of library and kernel calls in any manner that might force callers to rely upon qualifier-conversion of underlying parameter types would technically break the C standard, and this should not be done.

Sadly, by the same token, I must also point out that using the -Wwrite-strings option as part of the WARNS=6 package is dangerous and should not be done. Since it is not possible to mismatch the qualifier guarantees between library/kernel routines and user code, forcing userland code to coerce constant call parameters into non-constant formal parameters by creating writable temporary copies would produce a net reduction in system robustness and security.

The documentation for the compiler actually points out the problem with the write-strings option:

"These warnings will help you find at compile time code that can try to write into a string constant, but only if you have been very careful about using const in declarations and prototypes. Otherwise, it will just be a nuisance; this is why we did not make -Wall request these warnings."

It should be removed from WARNS=6.
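
Added example, not part of the original message or of DragonFly's code: the writable temporary copy discussed above, built so that const strings can be handed to an interface declared with `char *const argv[]` (as `execv` is) without a cast. The helper names `dup_argv` and `free_argv`, the sample arguments, and the `/bin/echo` path are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: release a vector built by dup_argv(). */
void free_argv(char **v)
{
    for (size_t i = 0; v != NULL && v[i] != NULL; i++)
        free(v[i]);
    free(v);
}

/* Hypothetical helper: deep-copy a NULL-terminated vector of const strings
 * into writable storage; returns NULL on allocation failure. */
char **dup_argv(const char *const *src)
{
    size_t n = 0;
    while (src[n] != NULL)
        n++;
    char **copy = malloc((n + 1) * sizeof *copy);
    if (copy == NULL)
        return NULL;
    for (size_t i = 0; i <= n; i++)
        copy[i] = NULL;         /* keeps free_argv() safe on partial failure */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(src[i]) + 1;
        if ((copy[i] = malloc(len)) == NULL) {
            free_argv(copy);
            return NULL;
        }
        memcpy(copy[i], src[i], len);
    }
    return copy;
}

int main(void)
{
    /* Constructed sample input; /bin/echo is an assumed path. */
    static const char *const args[] = { "/bin/echo", "hello", NULL };
    /* execv(args[0], args) is diagnosed by the compiler: execv takes
     * char *const [], and passing args would discard const on the chars. */
    char **copy = dup_argv(args);
    if (copy == NULL)
        return 1;
    execv(copy[0], copy);       /* returns only on failure */
    free_argv(copy);
    return 1;
}
```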



