Date: Sun, 31 Mar 2002 02:34:59 -0500 From: Mike Barcroft <mike@FreeBSD.org> To: Trevor Johnson <trevor@jpj.net> Cc: Kris Kennaway <kris@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, portmgr@FreeBSD.org, Garrett Wollman <wollman@FreeBSD.org>, Thierry Thomas <thierry@pompo.net> Subject: Re: malloc.h--cheaper by the dozen? Message-ID: <20020331023459.G81971@espresso.q9media.com> In-Reply-To: <20020330232651.I16128-100000@blues.jpj.net>; from trevor@jpj.net on Sun, Mar 31, 2002 at 02:12:29AM -0500 References: <20020330232651.I16128-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Trevor Johnson <trevor@jpj.net> writes: > When the user attempts to compile a program which uses gets() in > compliance with modern ANSI and ISO standards, the user receives a gentle > slap (a warning). The program compiles successfully, but the user is > informed that a security hole was probably opened. When the user attempts > to compile a program that was written according to an old man page from > Ultrix [1], SunOS [2], Solaris [3], or AIX [4]--some of which predated the > ANSI and ISO standards--the user receives a hard slap (an error). The > Open Group seems to say that the presence of malloc.h is not required but > neither prohibited nor deprecated [5]. We don't support pre-ANSI C in 5.0-CURRENT. We do, on the other hand, support ANSI/ISO C which has gets(3). Software developers have had over a decade to update their software to more modern versions of C; I have no sympathy for them. As an aside, I think ports which use gets(3) should be marked as BROKEN. Best regards, Mike Barcroft To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020331023459.G81971>