> any program which uses gets() has a potential
> bug (and, if it's a set-id program, a potential security hole).

This is not the case.  There are uses of gets() that are completely
safe, for example when the program itself has written the file that is
being read.

I agree that people should be encouraged to use fgets() instead.  A
link-time warning would be appropriate.

-- Richard


------------------------------------------------------------------------------