Source-Changes archive


Re: CVS commit: basesrc/lib/libc



[ On Sunday, November 17, 2002 at 22:49:34 (+0200), Jun-ichiro itojun Hagino wrote: ]
> Subject: CVS commit: basesrc/lib/libc
>
> (there are a bunch of "strcpy is safe" comments, I think we should change them
> to strlcpy as much as possible)

Why do you say that?  strcpy() really is perfectly fine and safe to use
in many contexts (perhaps even in the ones you refer to).  Wholesale
avoidance of the likes of strcpy() sounds like very much too much
paranoia to me (or too much reliance on overly simplistic analysis
tools).  Safe and secure programming in C is always going to require
awareness of these issues -- papering over by ripping out things that
trigger bad connotations won't help any, and may even hurt in some way
(e.g. performance, unnecessary code obfuscation, etc., etc.).

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <g.a.woods%ieee.org@localhost>;  <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>; VE3TCP; Secrets of the Weird <woods%weird.com@localhost>
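
Added example, not part of the original message and not code from NetBSD libc: the two situations this thread is weighing, one where strcpy() is safe by construction and one where a bounded copy with an explicit truncation check is needed. The names dup_string, bounded_copy and set_name are hypothetical; bounded_copy is assumed to mirror strlcpy() semantics so the block builds on systems whose libc lacks strlcpy().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case 1: destination is sized from the source, so strcpy() cannot overflow. */
char *dup_string(const char *src)
{
    char *dst = malloc(strlen(src) + 1);   /* +1 for the terminating NUL */
    if (dst == NULL)
        return NULL;
    strcpy(dst, src);                      /* safe: capacity == strlen(src) + 1 */
    return dst;
}

/*
 * Case 2: fixed-size destination, source length not known in advance.
 * bounded_copy() is a hypothetical stand-in with strlcpy() semantics:
 * it always NUL-terminates (when dstsize > 0) and returns strlen(src).
 */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 0 on success, -1 if src did not fit; truncation is reported, not silent. */
int set_name(char *dst, size_t dstsize, const char *src)
{
    return bounded_copy(dst, src, dstsize) >= dstsize ? -1 : 0;
}

int main(void)
{
    char name[8];
    char *copy = dup_string("constructed sample input");
    if (copy == NULL)
        return 1;
    printf("dup: %s\n", copy);
    printf("fits: %d\n", set_name(name, sizeof name, "libc"));
    printf("too long: %d (kept \"%s\")\n",
           set_name(name, sizeof name, copy), name);
    free(copy);
    return 0;
}
```

In the second case the return value matters as much as the bound: a caller that ignores it trades an overflow for silently truncated data.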


