Subject: Re: bin/2905: setting environment vars from login
To: Greg A. Woods <woods@web.net>
From: Christian Kuhtz <kuhtz@ix.netcom.com>
List: current-users
Date: 11/12/1996 21:19:31
On Tue, 12 Nov 96 23:13:35 -0500 (EST), woods@kuma.web.net (Greg A. Woods) mumbled:
> > 1.) Show me a situation where this is an absolutely necessary feature,
> > which cannot be implemented with current tools.
>
> I never claimed it was an absolutely necessary feature.
>
> I do claim it cannot be implemented by any current tools without
> modification of said tools.

Why do we need it then? 8-]

The proposed snippet of code relies on string routines (among others) to
be bulletproof.  Is that a safe assumption?

I could imagine denial of service attacks (and possibly more) by supplying  
"near infinite" long login name + args strings. There needs to be a  
barrier for how long the list of args can be... I don't recall that there  
were any provisions for that in the code snippet.  Also, what do these  
routines barf on that could be supplied as an arg?

Regards,
--
Christian Kuhtz <kuhtz@ix.netcom.com>, office: ckuhtz@paranet.com
Network/UNIX Specialist for Paranet, Inc. http://www.paranet.com/
Supercomputing Junkie, et al               MIME/NeXTmail accepted
---- BOYCOTT INTERNET SPAM! See URL http://www.vix.com/spam/ ----
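
The following is an added illustration, not part of the original message and not the code snippet discussed in this thread: a C sketch of the kind of barrier the message asks for, bounding the whole "login name + args" line, the name, and the number of args, and rejecting args that are not plain NAME=value. The limits, the struct and the function names are assumptions chosen for the example.

```c
#include <ctype.h>
#include <string.h>
#define MAX_LINE 256 /* assumed cap on the whole "name arg ..." line */
#define MAX_NAME 32  /* assumed cap on the login name */
#define MAX_ENV  8   /* assumed cap on the number of NAME=value args */

struct login_req {
    char  buf[MAX_LINE + 1]; /* private copy, split in place */
    char *name, *env[MAX_ENV];
    int   nenv;
};

/* NAME=value only: NAME is [A-Za-z_][A-Za-z0-9_]*, value is printable. */
static int env_ok(const char *p)
{
    if (!isalpha((unsigned char)*p) && *p != '_')
        return 0;
    while (isalnum((unsigned char)*p) || *p == '_')
        p++;
    if (*p++ != '=')
        return 0;
    while (isprint((unsigned char)*p))
        p++;
    return *p == '\0'; /* anything non-printable stops the scan early */
}

/* Hypothetical helper: 0 if the line is accepted, -1 if it is rejected. */
int parse_login_line(const char *line, struct login_req *r)
{
    size_t len = 0;
    char *p, *tok;
    memset(r, 0, sizeof *r);
    while (len <= MAX_LINE && line[len] != '\0') /* never scan past the cap */
        len++;
    if (len == 0 || len > MAX_LINE)
        return -1;
    memcpy(r->buf, line, len); /* buf was zeroed, so it stays terminated */
    for (p = r->buf + strspn(r->buf, " \t"); *p != '\0'; p += strspn(p, " \t")) {
        tok = p;
        p += strcspn(p, " \t"); /* end of this token */
        if (*p != '\0')
            *p++ = '\0';
        if (r->name == NULL && strlen(tok) <= MAX_NAME)
            r->name = tok;
        else if (r->name == NULL || r->nenv == MAX_ENV || !env_ok(tok))
            return -1; /* name too long, too many args, or malformed arg */
        else
            r->env[r->nenv++] = tok;
    }
    return r->name ? 0 : -1;
}
```

Rejecting the whole line on the first violation, rather than truncating it, keeps the caller from acting on a partially parsed request.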