Date: Tue, 11 Feb 1997 08:36:47 +0900 (JST)
From: Michael Hancock
To: Alexander Snarskii
cc: freebsd-hackers@freebsd.org
Subject: Re: Increasing overall security....
In-Reply-To: <199702101606.SAA08033@burka.carrier.kiev.ua>

On Mon, 10 Feb 1997, Alexander Snarskii wrote:

> > Look in the cvs logs for recent commits by imp for example rlogind, rshd,
> > etc.
>
> Well, I saw those changes. But, my reasons to ask to commit these patches
> are:
> 1) Any usage of strcpy and so in any program is a 'Bad Thing' (tm).

Unless the caller can be trusted to check parameters from its own callers
and to pass parameters correctly.

> Last reason:
> Look to the /usr/src/lib/libc/stdio/gets.c - you'll see
> the warning about this function, which is printed every time,
> when working program calls this function first time.

gets shouldn't be used at all.

Warner Losh (imp) is committing Theo's buffer overflow fixes to all
exploitable or likely exploitable cases.

Mike Hancock
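Added example, not part of the original message and not FreeBSD's own code: a copy routine that checks the length itself instead of trusting its callers, and a line reader that can stand in for gets. The names checked_copy and read_line are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dstsize) without trusting
 * the caller to have checked the length. Returns 0 on success, -1 if src
 * does not fit; dst is always NUL-terminated when dstsize > 0. */
int checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);   /* keep dst a valid string */
        dst[dstsize - 1] = '\0';
        return -1;                       /* report the truncation */
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical gets() replacement: read one line from fp into buf.
 * Returns 0 for a complete line, 1 if the line was longer than the buffer
 * (the excess is discarded), -1 on EOF or error with nothing read. */
int read_line(char *buf, size_t bufsize, FILE *fp)
{
    size_t len;
    int c, truncated = 0;
    if (buf == NULL || bufsize < 2 || fgets(buf, (int)bufsize, fp) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* strip the newline, as gets() did */
        return 0;
    }
    /* No newline stored: drain the rest so the next call starts on a new line. */
    while ((c = getc(fp)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

int main(void)
{
    char line[16];
    int rc;
    while ((rc = read_line(line, sizeof line, stdin)) >= 0)
        printf("%s%s\n", line, rc ? " [truncated]" : "");
    return 0;
}
```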