Subject: Re: gets()
To: Chris G. Demetriou <>
From: J.T. Conklin <>
List: current-users
Date: 03/10/1994 15:23:34
Chris> re: the gets() warning:
Chris> It *SHOULD NOT* be removed.  any program which uses gets() has
Chris> a potential bug (and, if it's a set-id program, a potential
Chris> security hole).

I disagree.  I'd like to see NetBSD become ANSI C compliant, and the
"side effect" of gets() printing a warning message makes that

I believe that Chris Torek once said (this was long ago) that he put
the warning message in gets() since there was no way to warn against
its usage at compile/link time.  But, as Roland and I have said in
earlier messages, with our ld it's now possible to get a link-time
warning.  This is where (I think) the warning belongs.

Chris> Good alternatives to gets() have been around for a long time,
Chris> and its insecure naturs has been known for a long time, too.
Chris> The only reason it's used anymore is programmer cluelessness
Chris> and/or laziness.

No argument here.