Date: Wed, 3 Apr 2002 18:23:01 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: Mike Barcroft <mike@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, <cvs-all@FreeBSD.org>, Garrett Wollman <wollman@FreeBSD.org> Subject: Re: malloc.h--cheaper by the dozen? Message-ID: <20020331033829.Q20524-100000@blues.jpj.net> In-Reply-To: <20020331023459.G81971@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Barcroft wrote: > Trevor Johnson <trevor@jpj.net> writes: > > When the user attempts to compile a program which uses gets() in > > compliance with modern ANSI and ISO standards, the user receives a gentle > > slap (a warning). The program compiles successfully, but the user is > > informed that a security hole was probably opened. When the user attempts > > to compile a program that was written according to an old man page from > > Ultrix [1], SunOS [2], Solaris [3], or AIX [4]--some of which predated the > > ANSI and ISO standards--the user receives a hard slap (an error). The > > Open Group seems to say that the presence of malloc.h is not required but > > neither prohibited nor deprecated [5]. > > We don't support pre-ANSI C in 5.0-CURRENT. Not supporting is one thing; actively sabotaging is another. Simply not having the header would be a more friendly way to not support it. Is there an advantage to generating an error? I don't see it. We don't even save the one inode that we would save by not having a malloc.h at all. > Software developers have had over a decade to update their software to > more modern versions of C; I have no sympathy for them. There's every likelihood that the authors of those programs no longer maintain them, that they don't care whether their code complies with standards, or that they don't care about FreeBSD. Still, their work may be of use to FreeBSD users, who are the ones getting the error. The Solaris version I mentioned dates from 1996. The header is present in post-C89 versions of HP/UX (http://www.informatik.uni-frankfurt.de/doc/man/hpux/malloc.3c.html) and Tru64 (http://btrcx1.cip.uni-bayreuth.de/cgi-bin/manpages/malloc/3) as well as BSD/OS and FreeBSD 4.X. The GNU libc contains it to this day (http://www.delorie.com/gnu/docs/glibc/libc_29.html). They say it is from the SVID and XPG standards (although I could not find it in the SVID which Caldera offers for download). Programs which do #if HAVE_USR_INCLUDE_MALLOC_H #include "/usr/include/malloc.h" are likely to fall into the booby trap. If the header were just removed entirely, they could recover. -- Trevor Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020331033829.Q20524-100000>