Subject: Re: vixie-crontab vunerable?
To: None <david@mono.org>
From: Gordon W. Ross <gwr@mc.com>
List: current-users
Date: 12/16/1996 16:15:25
> Date: Mon, 16 Dec 1996 21:06:00 +0000 (GMT)
> From: David Brownlee <david@mono.org>
> X-Sender: david@mars.southern.net
> Reply-To: David Brownlee <david@mono.org>
> Cc: sommerfeld@orchard.medford.ma.us, jfw@jfwhome.funhouse.com,
>         current-users@netbsd.org
> 
> 
> On Mon, 16 Dec 1996, Gordon W. Ross wrote:
> 
> > > From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
> > > 
> > > Hmm.  Anyone for producing a "libcsafe" which doesn't include:
> > > 
> > > 	strcat
> > > 	strcpy
> > > 	sprintf
> > > 	gets
> > > 
> > > and other "unsafe", but traditional, interfaces, and then linking all
> > > setuid system programs against it instead of libc?
> > 
> > You could also create a "libcsafe" that DOES include those functions,
> > and ONLY those, but where those functions all just call abort.  You
> 
> 	This feels wrong to me - you either want the program not to link
> 	at all, or to link and run. Having a program that links, then
> 	at some random time later aborts due to a little used code
> 	branch calling sprintf.... especially a daemon...

OK, good point.  One could still do something similar though, by
providing non-function leaf routines that intentionally call some
non-existent function.  For example,

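	#include <stdlib.h>	/* abort() */

	/* Never defined anywhere, so linking in this strcpy leaves an
	   unresolved symbol and the link fails. */
	extern void strcpy_should_not_be_defined(void);
	char *strcpy(char *dst, const char *src)
	{
		strcpy_should_not_be_defined();
		abort();	/* backstop if the symbol ever gets defined */
	}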

As long as the functions named "*_should_not_be_defined" are
indeed not defined, then your program will not link.

Again, this library would only be used with set*id programs...

Gordon