Subject: Re: vixie-crontab vunerable?
To: None <current-users@NetBSD.ORG>
From: None <>
List: current-users
Date: 12/16/1996 15:04:28
[I assume everyone is on current-users...]

> > Hmm.  Anyone for producing a "libcsafe" which doesn't include:
> > [...]
> > and other "unsafe", but traditional, interfaces, and then linking all
> > setuid system programs against it instead of libc?
> While i dunno about this, i do think that at the very least adding
> reference-warning macros for those functions might be appropriate.

That might be a good idea, (although a lot of systems don't have
snprintf() and I'd probably get real tired of seeing the warning
for ported software--then again, I'd probably want to see that they
use unsafe functions).

I'm not sure I like the idea of a libcsafe that just disables those
functions since it's easy to misuse the "safe" routines, too, and
at least with that name, you're implying a sense of safety that might
be completely false in the face of even stupid typos...

	char foo[80];

	snprintf(foo, 800, "...


              Allen Briggs - end killing -