groo@old-ones.com (Bill Squier) writes:
> I have decided to further secure NetBSD by changing all the instances of
> the word 'sprintf' in your log messages to 'snprintf'.
>
> All kidding aside, don't you feel that some of these changes are a waste of
> your valuable time?  Many of these changes are in device drivers where the
> lengths of these items are fixed.

I think that, in general, we should be eliminating all use of unsafe
string ops everywhere, even when "known safe", because people do
stupid things with time (like copying or changing code to produce
unsafe results.) Even our smartest developers have screwed stuff like
this up in the past.


-- 
Perry E. Metzger		perry@piermont.com