Certification (was RE: realpath(3) et al)

[Robert Watson]

The real upshot of all this, btw, is that security evaluation against the
CC and related specs will have very little relationship to closing bugs
associated with realpath(), et al.  A source code auditing effort, funded
or otherwise, would still be extremely useful, but the goal would have to
be a more pragmatic "fewer bugs", and not a certification "Grade A
Security" :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories