From owner-freebsd-current Tue Nov 23 14:27: 1 1999 Delivered-To: freebsd-current@freebsd.org Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id 1A73215487; Tue, 23 Nov 1999 14:26:52 -0800 (PST) (envelope-from obrien@NUXI.com) Received: from dragon.nuxi.com (root@d60-025.leach.ucdavis.edu [169.237.60.25]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id OAA45565; Tue, 23 Nov 1999 14:26:27 -0800 (PST) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id OAA50264; Tue, 23 Nov 1999 14:26:26 -0800 (PST) (envelope-from obrien) Date: Tue, 23 Nov 1999 14:26:26 -0800 From: "David O'Brien" To: Kris Kennaway Cc: peter.jeremy@alcatel.com.au, current@FreeBSD.ORG Subject: Re: FreeBSD security auditing project. Message-ID: <19991123142626.D49964@dragon.nuxi.com> Reply-To: obrien@FreeBSD.ORG References: <99Nov24.075703est.40331@border.alcanet.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from kris@hub.freebsd.org on Tue, Nov 23, 1999 at 02:15:52PM -0800 X-Operating-System: FreeBSD 4.0-CURRENT Organization: The NUXI BSD group X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > A 'grep | wc' equivalent over the source tree gives: > > > > gets 110 > > strcat 2860 > > strcpy 4717 > > strncat 167 > > strncpy 1514 > > sprintf 6839 > > vsprintf 133 > > *ouch* :-) This means nothing out of context. I hope we don't go on a witch hunt. > > And these are the easy ones... > Indeed :-( Global search and replace of these can obfuscate code. Things must be looked for in context. -- -- David (obrien@NUXI.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message