Whidbey's Secure CRT

Secure CRT

Michał Cierniak — Thu, 30 Mar 2006 07:07:35 GMT

One of the cool new things we are doing in the security push is the conversion of all uses of potentially...

What is Microsoft doing for security?

Office Development, Security, Randomness... — Wed, 17 Aug 2005 05:32:50 GMT

A recent comment on the IE Blog made it pretty apparent that not everybody is aware...

'A truck the size of Sun's Java runtime environment'

Alex Campbell — Sat, 05 Feb 2005 06:37:00 GMT

re: Whidbey's Secure CRT

Shawn — Tue, 13 Apr 2004 00:53:00 GMT

John McCormick's written a column on builder.com that points out these new features as well. You can find it here: http://builder.com.com/5100-6370-5185809.html

re: Whidbey's Secure CRT

Shawn — Fri, 09 Apr 2004 17:56:00 GMT

> Does this mean that existing Microsoft's CRT doesn't check all input parameters?

That's correct, but its not just Microsoft's CRT. C libraries assume that all parameters passed into them are valid. If you use GCC and GLIBC, pass null into printf and see what happens, you'll segfault. Even if they wanted to, due to function signatures it'd be impossible for CRT implementers to check all parameters. For instance, how can strcat check that the output buffer is big enough?

> And the fix to that problem is not to fix the code but rather create new one?

Again, fixing the code would break compatiblity with the C standard library. strcpy simply cannot check its output parameters.

> Microsoft already came up with StrSafe.h, does this mean that they will keep coming up and abandoning code every couple years or so?

StrSafe was developed during our security push in 2002. It's still a valid and supported library, and will be shipped with Whibey as well. However StrSafe only fixed the C library string functions. The new Secure CRT improves many other C library functions (such as printf and calloc). It also improves the C++ library.

> Microsoft felt like they need to come up with something that isn't so they can yet again lock code onto their platforms.

As I mention in my post, the secure CRT has been submitted for standardization. See http://std.dkuug.dk/jtc1/sc22/wg14/www/docs/n1031.pdf for details.

Security changes in VS2005 CRT

SiM Weblog — Fri, 09 Apr 2004 09:16:00 GMT

re: Whidbey's Secure CRT

Jerry Pisk — Fri, 09 Apr 2004 02:47:00 GMT

Does this mean that existing Microsoft's CRT doesn't check all input parameters? And the fix to that problem is not to fix the code but rather create new one? As for the rest - Microsoft already came up with StrSafe.h, does this mean that they will keep coming up and abandoning code every couple years or so? It's probably that StrSafe.h was portable, so Microsoft felt like they need to come up with something that isn't so they can yet again lock code onto their platforms.

'Whidbey's Secure CRT'

Yves Dolce — Fri, 09 Apr 2004 02:01:00 GMT