Date: Wed, 30 Apr 2003 07:41:49 -0700
From: "David O'Brien"
To: "Jacques A. Vidrine"
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, "W. Josephson", Dag-Erling Smorgrav
Subject: Re: cvs commit: src/lib/libc/gen check_utility_compat.c confstr.c fmtmsg.c getgrent.c getpwent.c src/lib/libc/include namespace.h un-namespace.h src/lib/libc/locale setlocale.c src/lib/libc/net getaddrinfo.c gethostbydns.c getnameinfo.c hesiod.c ...

On Tue, Apr 29, 2003 at 10:18:56PM -0500, Jacques A. Vidrine wrote:
> I chose to hide strlcpy/strlcat anyway because I am far from certain
> that qpopper is the only application supplying its own (working or
> not) implementations. We don't want to call those from within libc,
> ever. It is too risky.

Why is it "too risky"? If the software is setuid, LD_LIBRARY_PATH and LD_PRELOAD won't work. If it is run with normal user-level privs, well... there are *plenty* of ways to add "risk". Foot... gun... pull trigger...

It is not our place or responsibility to go to these lengths to protect users. I strongly don't want to see a lot of libc function hiding and alternate symbols.

--
-- David (obrien@FreeBSD.org)