Subject: Re: vixie-crontab vunerable?
To: None <>
From: Gordon W. Ross <>
List: current-users
Date: 12/16/1996 14:27:32
> Date: Mon, 16 Dec 1996 13:44:41 -0500
> From: Bill Sommerfeld <>
> Hmm.  Anyone for producing a "libcsafe" which doesn't include:
> 	strcat
> 	strcpy
> 	sprintf
> 	gets
> and other "unsafe", but traditional, interfaces, and then linking all
> setuid system programs against it instead of libc?

You could also create a "libcsafe" that DOES include those functions,
and ONLY those, but where those functions all just call abort.  You
might also make them invoke the magic link-time warning stuff.

This library could be supplied in the library list before libc when
linking s*id programs.   (Probably a non-shared version is best.)