Variadic Functions Create Security Holes?

MacOS High Sierra anyone can login as "root" w/ empty password

In understanding Mark S Miller's Ocap work in computer OS and programming languages. I have learned access control lists (ACL) create security holes allowing syntactic sugar to grant unintended root permissions.

In trying to understand exactly what functions in computer programming languages systematically allow software developers to program code vulnerabilities page

Variadic functions can create security holes with syntactic sugar in ANSI C. Apparently support for variadic functions in Go is type-safe — it doesn’t bypass type system. page Are there other programming functions impacting langsec (IDK)?

A (de)coda. I am reprising Miller's PhD paper on Robust Composition at Papers We Love Seattle on 12/7. Trying to learn more. page