Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <firstname.lastname@example.org>
From: James Chacon <email@example.com>
Date: 09/13/2000 11:49:16
Sure, if we want to run "something real similiar to posix compliance but
not really there". Like I said, in this vein remove setuid while we're at it.
Holes in that have caused more problems than anything else.
>> This logic makes no sense though in the larger context. Using this idea
>> then gets() should have simply been removed as well from the library years
>> ago as it's abuse can cause system compromises.
>Yes, it should have.
> - Bill