From owner-freebsd-current Sun Sep 24 01:22:24 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id BAA11282 for current-outgoing; Sun, 24 Sep 1995 01:22:24 -0700 Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id BAA11265 for ; Sun, 24 Sep 1995 01:22:18 -0700 Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id JAA04895 for ; Sun, 24 Sep 1995 09:22:09 +0100 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id JAA22171 for freebsd-current@freefall.freebsd.org; Sun, 24 Sep 1995 09:22:09 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.6.12/8.6.9) id IAA29691 for freebsd-current@freefall.freebsd.org; Sun, 24 Sep 1995 08:33:38 +0100 From: J Wunsch Message-Id: <199509240733.IAA29691@uriah.heep.sax.de> Subject: Re: runtime warnings, opinion warning To: freebsd-current@freefall.freebsd.org Date: Sun, 24 Sep 1995 08:33:37 +0100 (MET) Reply-To: freebsd-current@freefall.freebsd.org In-Reply-To: <9509232236.AA07462@borg.ess.harris.com> from "James Leppek" at Sep 23, 95 06:36:54 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Length: 1561 Sender: owner-current@FreeBSD.org Precedence: bulk As James Leppek wrote: > > ... Since when did fbsd become a > religion where you conform or are damned for all time? > This position is clearly in the "advocacy" or personal pet peeve catagory > that I always find amusing. It's been there since 386BSD 0.0, i think. :) > I can change things in a few minutes, but if I had a hundred users > I would not be happy because they would be coming to me saying its broken. > (to most users unsafe == broken) This is ok. If you see the warning next time, put your hand on the keyboard for a minute, then hit enter. >:-) > How about sprintf or strcpy, or any function that can blow a buffer? gets() is typically used _directly on user input_. That's the problem. The sprintf() saga is that the standard even forgot to standardize a safer function. :-( > The gets man page says don't use it, good place to mention it :-) Nobody reads man pages. In particular, if you port some existing program, you wouldn't even notice that it's using gets() (unless you're building a test environment and feed random garbage into the standard input of any program). If somebody sees it and cannot fix it himself, he should complain at the vendor of the program. If *you* are that unsatisfied with it, drop the warning from the source, create your own libc.so, and replace the original one... Sorry, i don't think you are going to find somebody here who'll share your opinion. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)