Subject: Re: sprintf -> snprintf
To: George Michaelson <email@example.com>
From: Jason Thorpe <firstname.lastname@example.org>
Date: 09/20/1996 22:05:17
On Sat, 21 Sep 1996 14:54:47 +1000
George Michaelson <email@example.com> wrote:
> I don't have sources to hand. Is it even remotely plausible
> to make removing sprintf and replacing with snprintf a goal?
> How about for nominated subsets of the code?
At the very least, all the setuid/setgid programs.
> Seems to me like making buffer overrun attacks non-viable
> would prevent a lot of angst later on...
....do we have a volunteer? :-)
-- save the ancient forests - http://www.bayarea.net/~thorpej/forest/ --
Jason R. Thorpe firstname.lastname@example.org
NASA Ames Research Center Home: 408.866.1912
NAS: M/S 258-6 Work: 415.604.0935
Moffett Field, CA 94035 Pager: 415.428.6939