Date: Sat, 18 Dec 1999 12:50:24 -0500 (EST) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: Warner Losh <imp@village.org> Cc: Bruce Evans <bde@zeta.org.au>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/gen fts.c Message-ID: <Pine.BSF.4.10.9912181246340.76308-100000@green.dyndns.org> In-Reply-To: <199912181653.JAA91039@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 18 Dec 1999, Warner Losh wrote: > In message <Pine.BSF.4.10.9912182011460.3596-100000@alphplex.bde.org> Bruce Evans writes: > : Not approved by: bde. I don't even approve of the way it was changed in > : -current (splatting the OpenBSD version on top of the FreeBSD version > : without analyzing the differences in detail). > > Likewise. I had concluded that we're immune to the overflow at one > point based on a lot of testing and much gnashing of teeth. The > commit surprised me. I concluded otherwise. Which has more weight: the evidence toward immunity, or the evidence toward vulnerability? I can assure you that this problem was still there under 3.X a few months ago, with RELENG_3 and HEAD fts.c, but only fixed in OpenBSD's fts.c. And nothing's changed since then before now; both HEAD and RELENG_3 both had big problems with fts(3). > One reason I didn't do something similar was that there were binary > compat issues that I didn't want to introduce... Huh? The API didn't change, at all. > > Warner > -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9912181246340.76308-100000>