On Sat, 21 Sep 1996 14:54:47 +1000 
 George Michaelson <ggm@connect.com.au> wrote:

 > I don't have sources to hand. Is it even remotely plausible
 > to make removing sprintf and replacing with snprintf a goal?

sounds marvelous...

 > How about for nominated subsets of the code?

At the very least, all the setuid/setgid programs.

 > Seems to me like making buffer overrun attacks non-viable
 > would prevent a lot of angst later on...

....do we have a volunteer?  :-)

 -- save the ancient forests - http://www.bayarea.net/~thorpej/forest/ -- 
Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939