Source-Changes-D archive

Re: CVS commit: src/lib/libc



On Thu, Mar 01, 2012 at 05:07:32PM +0100, Joerg Sonnenberger wrote:
> 
> My strong dislike of *_s from C11 is not relevant. Those functions are
> not part of the core standard, but an (optional) annex.

gets() is pretty bad for anything that is system or suid.
For a normal user app it doesn't matter that much.
Invalid input generates a core dump and/or corrupted user data.
For a test program it doesn't really matter that much.

Of course, you could have a libc.so in another directory that
contains things like gets() and other deprecated stuff and a
.NEEDED entry for the real libc - and use that to compile/run
old binaries.
Oh - except they've broken that feature of the linker.

My objection to the *_s() forms is that they are not really
inherently more 'secure' than the older functions.
They just include some of the checks the coder should have done.
So are just variants of the old function, not 'secure' versions.

Microsoft's exception-throwing functions are even worse!
(Mind you Microsoft's _snprintf() is particularly borked.)

        David

-- 
David Laight: david%l8s.co.uk@localhost

