Re: CVS commit: src/sys/arch/i386

To: groo%old-ones.com@localhost (Bill Squier)
Subject: Re: CVS commit: src/sys/arch/i386
From: "Perry E. Metzger" <perry%piermont.com@localhost>
Date: Thu, 22 Apr 2004 10:44:24 -0400

groo%old-ones.com@localhost (Bill Squier) writes:
> I have decided to further secure NetBSD by changing all the instances of
> the word 'sprintf' in your log messages to 'snprintf'.
>
> All kidding aside, don't you feel that some of these changes are a waste of
> your valuable time?  Many of these changes are in device drivers where the
> lengths of these items are fixed.

I think that, in general, we should be eliminating all use of unsafe
string ops everywhere, even when "known safe", because people do
stupid things with time (like copying or changing code to produce
unsafe results.) Even our smartest developers have screwed stuff like
this up in the past.

-- 
Perry E. Metzger                perry%piermont.com@localhost

Follow-Ups:
- Re: CVS commit: src/sys/arch/i386
  - From: M. Warner Losh

References:
- CVS commit: src/sys/arch/i386
  - From: Jun-ichiro itojun Hagino
- Re: CVS commit: src/sys/arch/i386
  - From: Bill Squier

Prev by Date: Re: CVS commit: src/usr.sbin
Next by Date: CVS commit: src/sys/netinet
Previous by Thread: Re: CVS commit: src/sys/arch/i386
Next by Thread: Re: CVS commit: src/sys/arch/i386
Indexes:

Home | Main Index | Thread Index | Old Index