Subject: Re: vixie-crontab vunerable?
To: None <current-users@NetBSD.ORG>
From: None <email@example.com>
Date: 12/16/1996 15:04:28
[I assume everyone is on current-users...]
> > Hmm. Anyone for producing a "libcsafe" which doesn't include:
> > [...]
> > and other "unsafe", but traditional, interfaces, and then linking all
> > setuid system programs against it instead of libc?
> While i dunno about this, i do think that at the very least adding
> reference-warning macros for those functions might be appropriate.
That might be a good idea, (although a lot of systems don't have
snprintf() and I'd probably get real tired of seeing the warning
for ported software--then again, I'd probably want to see that they
use unsafe functions).
I'm not sure I like the idea of a libcsafe that just disables those
functions since it's easy to misuse the "safe" routines, too, and
at least with that name, you're implying a sense of safety that might
be completely false in the face of even stupid typos...
snprintf(foo, 800, "...
Allen Briggs - end killing - firstname.lastname@example.org