Subject: Re: gets()
To: None <barrett@daisy.ee.und.ac.za>
From: Roland McGrath <roland@frob.com>
List: current-users
Date: 03/10/1994 16:37:00
I must agree that `gets' printing on stderr is one of the more
egregiously stupid things I have seen.  gets should certainly not be
used, but sometimes one just doesn't care and this gratuitously breaks
programs which could work fine given known-limited input domain.  (It
also makes netbsd not conform to ANSI C or POSIX.1, which it almost
would otherwise.)

I haven't checked netbsd's current ld, but in the old GNU ld it is
based on, there is a symbol-warning feature that was added just for
gets (and this is what GNU uses to discourage use of gets).  Adding
the right magic stabs entry in gets.c makes ld emit a warning message
(text of your own choosing) whenever gets.o is linked in.  This is a
much less intrusive way to remind people not to use gets; and it also
reminds the people who matter--the people building the software.  The
people using it are unlikely to benefit much from the knowledge that
gets loses and is in use (so they know not to type more than 80 chars,
or BUFSIZ chars, or whatever it happens to be in the specific program;
but did they really care?  Would they have thought it at all bizarre
if some random unix program unexplainedly crashed on them?).
Obviously anyone who installs a program using gets so that program has
any privilege (such as running as root), or takes input from the world
at large (i.e., the net) using gets, is a fool (or, wonder of wonders,
might just not give a rat's ass about security--THIS IS NOT A CRIME).

------------------------------------------------------------------------------