Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <firstname.lastname@example.org>
From: Jaromír Doleček <email@example.com>
Date: 09/13/2000 17:31:54
Bill Sommerfeld wrote:
> > This logic makes no sense though in the larger context. Using this idea
> > then gets() should have simply been removed as well from the library years
> > ago as it's abuse can cause system compromises.
> Yes, it should have.
Agreed. Using gets() can never be safe. Standardizing this lousy
function was one of serious mistakes of ANSI C.
Jaromir Dolecek <jdolecek@NetBSD.org> http://www.ics.muni.cz/~dolecek/
@@@@ Wanna a real operating system ? Go and get NetBSD, damn! @@@@