Subject: Re: buffer overflows in libsa
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 08/23/2005 22:15:38
In message <20050824020030.GC14190@netbsd.org>, Bill Studenmund writes:
>
>On Tue, Aug 23, 2005 at 10:47:22AM +0200, Roland Illig wrote:
>> matthew green wrote:
>> >one thing to be wary of is bloating the bootblocks.  all the
>> >proposed changes increase the size of text...
>>
>> As soon as no-one needs it, the gets(3) function will be removed from
>> libsa. This will reduce the text size again. I think the effective
>> increase will be around less than 20 machine instructions. But that's
>> the price for not having buffer overflows. ;)
>
>I didn't ask this before, but what threat scenarios do we have in mind
>here? As David notes, such a buffer overflow would have to be something
>that someone at a keyboard can type into the system. And if someone can
>type arbitrary text at the keyboard, we have other issues.
>
>What threats do we have in mind? Or do we have a desire for a check-box
>validation (which can be important, I admit)?

What Bill said -- both parts.

Seriously -- in libsa, it's mostly a desire for clean coding practices; 
I don't see the incremental security risk in most situations.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
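As an added illustration of the change Roland describes (example code written for this page, not NetBSD's libsa and not posted by anyone in the thread): a line reader that takes the buffer size as a parameter, beside the unbounded gets(3)-shaped routine it replaces. The console is stood in for by a constructed string; sa_getchar, sa_getline, set_input and the sample inputs are assumptions of this example, and the "discard the rest of an over-long line" behaviour is a design choice, not a claim about what libsa does.

```c
#include <stdio.h>
#include <string.h>

/* Simulated boot console (constructed input; in a bootblock sa_getchar()
 * would be the console driver's getchar routine). */
static const char *kbd_input = "";
static size_t kbd_pos = 0;

static void set_input(const char *s)
{
    kbd_input = s;
    kbd_pos = 0;
}

/* Next console byte, or -1 once the simulated console is exhausted. */
static int sa_getchar(void)
{
    if (kbd_input[kbd_pos] == '\0')
        return -1;
    return (unsigned char)kbd_input[kbd_pos++];
}

/* The shape of gets(3): no length parameter, so the caller's buffer size
 * is invisible here and a long line simply runs past the end of buf.
 * Kept for contrast only; nothing below feeds it a line that does not fit. */
static char *sa_gets_unbounded(char *buf)
{
    size_t n = 0;
    int c;

    while ((c = sa_getchar()) != -1 && c != '\n' && c != '\r')
        buf[n++] = (char)c;
    buf[n] = '\0';
    return buf;
}

/* Bounded replacement: stores at most len-1 bytes plus the NUL, ends the
 * line on CR or LF, honours backspace/DEL, and on an over-long line drops
 * the excess but keeps consuming to end of line so the next prompt starts
 * clean.  Returns bytes stored, or -1 on EOF with nothing read. */
static int sa_getline(char *buf, size_t len)
{
    size_t n = 0;      /* bytes stored in buf */
    size_t typed = 0;  /* bytes typed on this line, stored or not */
    int c;

    if (len == 0)
        return -1;
    for (;;) {
        c = sa_getchar();
        if (c == -1) {
            if (n == 0) {
                buf[0] = '\0';
                return -1;
            }
            break;
        }
        if (c == '\n' || c == '\r')
            break;
        if (c == '\b' || c == 0x7f) {
            /* Erase the last typed byte; shrink buf only if it was stored. */
            if (typed > 0) {
                typed--;
                if (n > typed)
                    n = typed;
            }
            continue;
        }
        if (n < len - 1)
            buf[n++] = (char)c;
        typed++;
    }
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    char line[8];   /* deliberately tiny, as a bootblock buffer might be */
    int n;

    set_input("boot netbsd\n");              /* constructed: longer than line[] */
    n = sa_getline(line, sizeof line);
    printf("stored %d bytes: \"%s\"\n", n, line);   /* stored 7 bytes: "boot ne" */

    set_input("ab\b\bZ\n");                  /* constructed: backspace editing */
    n = sa_getline(line, sizeof line);
    printf("stored %d bytes: \"%s\"\n", n, line);   /* stored 1 bytes: "Z" */

    set_input("hd0a\n");                     /* constructed: fits, so gets-style is safe */
    printf("unbounded: \"%s\"\n", sa_gets_unbounded(line));
    return 0;
}
```

The separate `typed` counter is the edge case worth noticing: once a line has been truncated, a backspace must not delete a byte that was actually stored, only one that was dropped. The extra cost over the unbounded loop is a compare against `len` and the end-of-line drain, which is in line with the "around 20 machine instructions" Roland estimates.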