Message-Id: <199907160032.SAA01282@harmony.village.org>
To: Mike Smith
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3)
Cc: freebsd-hackers@FreeBSD.ORG
In-reply-to: Your message of "Thu, 15 Jul 1999 17:23:15 PDT." <199907160023.RAA02029@dingo.cdrom.com>
References: <199907160023.RAA02029@dingo.cdrom.com>
Date: Thu, 15 Jul 1999 18:32:22 -0600
From: Warner Losh

In message <199907160023.RAA02029@dingo.cdrom.com> Mike Smith writes:
: I still think this is the wrong way to deal with the problem. 8)

We mildly disagree here. The strl* functions are the end all, be all
of security. They are just designed to make the existing code that
uses static buffers easy to make more robust w/o radically altering
that code.

Of course, strings have always been weak in 'C'. You make them static
and they overflow. You malloc them, and often people forget to free
them later leading to other problems...

Warner
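An added illustration of the retrofit discussed in the message above (not code from the post or from OpenBSD): a routine that fills a fixed-size buffer, with the strcpy/strcat calls swapped for bounded ones and the return value checked for truncation. The names ex_strlcpy, ex_strlcat and build_path are hypothetical; the first two are local stand-ins following the strlcpy(3)/strlcat(3) return convention so the block builds where libc lacks them.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for strlcpy(3): copies at most size-1 bytes, always terminates. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;                      /* length of the string it tried to create */
}

static size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;
    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)                /* dst not terminated within size: append nothing */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Builds "dir/name" in a fixed buffer; returns 0 on success, -1 if it did not fit. */
static int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    /* Unbounded original pattern: strcpy(out, dir); strcat(out, "/"); strcat(out, name); */
    if (ex_strlcpy(out, dir, outsz) >= outsz ||
        ex_strlcat(out, "/", outsz) >= outsz ||
        ex_strlcat(out, name, outsz) >= outsz)
        return -1;                   /* result >= size means the output was truncated */
    return 0;
}

int main(void)
{
    char path[16];                   /* static-size buffer, as in the code being retrofitted */
    const char *long_name = "a-very-long-file-name.conf";   /* constructed input */

    printf("%d %s\n", build_path(path, sizeof(path), "/etc", "rc.conf"), path);
    printf("%d %s\n", build_path(path, sizeof(path), "/etc", long_name), path);
    return 0;
}
```

The call shape stays the same as the strcpy/strcat version; the only additions are the size argument and the comparison that reports truncation instead of letting a silently shortened path be used.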