Date:      Tue, 11 Feb 1997 08:36:47 +0900 (JST)
From:      Michael Hancock <michaelh@cet.co.jp>
To:        Alexander Snarskii <snar@lucky.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Increasing overall security....
Message-ID:  <Pine.SV4.3.95.970211082337.25315G-100000@parkplace.cet.co.jp>
In-Reply-To: <199702101606.SAA08033@burka.carrier.kiev.ua>

On Mon, 10 Feb 1997, Alexander Snarskii wrote:

> > Look in the cvs logs for recent commits by imp for example rlogind, rshd,
> > etc.
> 
> Well, I saw those changes. But my reasons to ask to commit these patches
> are:

> 1) Any usage of strcpy and so on in any program is a 'Bad Thing' (tm).

Unless the caller can be trusted to check parameters from its own callers
and to pass parameters correctly.

> Last reason:
> Look at /usr/src/lib/libc/stdio/gets.c - you'll see
> the warning about this function, which is printed every time
> a running program calls this function for the first time.

gets shouldn't be used at all.

Warner Losh (imp) is committing Theo's buffer overflow fixes to all
exploitable or likely exploitable cases.

Mike Hancock
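
The two points argued in this message, as an added example that is not part of
the original e-mail or of the FreeBSD sources: a strcpy() call that is only
reached after the length has been checked, and a bounded line reader in place
of gets(). The names checked_copy and read_line are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the length check happens here, so the strcpy()
 * below only ever runs on a source that is known to fit. */
int checked_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    if (strlen(src) >= dstsize) {   /* no room for src plus its NUL */
        dst[0] = '\0';
        return -1;
    }
    strcpy(dst, src);
    return 0;
}

/* Hypothetical gets() replacement built on fgets(). Returns 0 for a line
 * that fit, 1 if it was truncated (the excess is discarded so the next call
 * starts on a fresh line), -1 on EOF, read error or an unusable buffer. */
int read_line(FILE *fp, char *buf, size_t bufsize)
{
    size_t len;
    int c;

    if (fp == NULL || buf == NULL || bufsize < 2 || bufsize > INT_MAX)
        return -1;
    if (fgets(buf, (int)bufsize, fp) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* whole line fit, drop the newline */
        return 0;
    }
    c = getc(fp);                   /* no newline stored: look past the buffer */
    if (c == EOF || c == '\n')
        return 0;                   /* exact fit, or last line without newline */
    while (c != EOF && c != '\n')   /* overlong line: discard the remainder */
        c = getc(fp);
    return 1;
}

int main(void)
{
    char name[8];                   /* constructed sample input below */
    printf("%d\n", checked_copy(name, sizeof name, "a-name-that-is-too-long"));
    return 0;
}
```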
