From owner-cvs-usrbin Sun Jul 14 16:57:06 1996
Return-Path: owner-cvs-usrbin
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA13658 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 16:57:06 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA13590; Sun, 14 Jul 1996 16:56:45 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id JAA10509; Mon, 15 Jul 1996 09:51:26 +1000
Date: Mon, 15 Jul 1996 09:51:26 +1000
From: Bruce Evans
Message-Id: <199607142351.JAA10509@godzilla.zeta.org.au>
To: pst@shockwave.com, thorpej@nas.nasa.gov
Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, nate@freefall.freebsd.org, wosch@cs.tu-berlin.de
Sender: owner-cvs-usrbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > That's way over-board. The only case where sprintf can get you into trouble
> > is if you're sprintfing tainted variables (to steal a perl term) into a stack
> > buffer.

>It may be overboard, but it certainly doesn't _hurt_ :-)

It may give a false sense of security.

> > Should we disable sprintf() for sgid/suid programs?

Why stop there? Convert all strcpy()s to snprintf()s. Convert all pointers
to arrays. Implement array bounds checking. Actually use array bounds
checking. !-)

Bruce
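
One concrete way a mechanical sprintf()-to-snprintf() conversion can fall short, as an added example that is not part of the original message or of the rdist source: snprintf() prevents the overflow but silently truncates unless its return value is checked. The helper names, buffer size and sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: join dir and name into dst.
 * Returns 0 on success, -1 if the result does not fit (dst is emptied). */
int join_path(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n;

    if (dstsize == 0)
        return -1;
    n = snprintf(dst, dstsize, "%s/%s", dir, name);
    /* snprintf returns the length it WOULD have written; >= size means cut. */
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* The mechanical conversion: bounded, but the return value is ignored,
 * so over-long input quietly becomes a different, shorter path. */
void join_path_unchecked(char *dst, size_t dstsize,
                         const char *dir, const char *name)
{
    (void)snprintf(dst, dstsize, "%s/%s", dir, name);
}

int main(void)
{
    char buf[16];
    const char *dir = "/usr/local";        /* constructed sample input */
    const char *name = "etc/rdist.conf";   /* constructed; too long for buf */

    join_path_unchecked(buf, sizeof buf, dir, name);
    printf("unchecked: \"%s\"\n", buf);

    if (join_path(buf, sizeof buf, dir, name) != 0)
        printf("checked:   rejected, result would not fit\n");
    if (join_path(buf, sizeof buf, "/tmp", "x") == 0)
        printf("checked:   \"%s\"\n", buf);
    return 0;
}
```
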