From owner-freebsd-chat  Mon Dec 16 13:59:10 1996
Return-Path: <owner-chat>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id NAA06370
          for chat-outgoing; Mon, 16 Dec 1996 13:59:10 -0800 (PST)
Received: from main.statsci.com (main.statsci.com [206.63.206.110])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id NAA06359
          for <freebsd-chat@freebsd.org>; Mon, 16 Dec 1996 13:59:03 -0800 (PST)
Received: from statsci.com [206.63.206.184]  with smtp 
	by main.statsci.com with smtp 
	(/\oo/\ Smail3.1.29.1 #29.3 #3) id m0vZl3Y-0003xJC; Mon, 16 Dec 96 13:58 PST
Message-Id: <m0vZl3Y-0003xJC@main.statsci.com>
To: J Wunsch <j@uriah.heep.sax.de>
cc: freebsd-chat@freebsd.org
Subject: Re: crontab security hole 
References: <199612162051.VAA08770@uriah.heep.sax.de> 
In-reply-to: Your message of "Mon, 16 Dec 1996 21:51:12 +0100."
             <199612162051.VAA08770@uriah.heep.sax.de> 
Reply-to: scott@statsci.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 16 Dec 1996 13:58:40 -0800
From: Scott Blachowicz <scott@statsci.com>
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

J Wunsch <j@uriah.heep.sax.de> wrote:

> Haven't any of you ever heard of the ugly misdesign of strn{cat,cpy}()
> to not delimit your string if it's reaching the end?  I think this is
> violating the principle of least surprise... since they still have the
> `str' in the name, not `mem'.

I agree with you, but on the other hand, it's not THAT hard to code it like 
this:

	char dest[N+1];
	strncpy (dest, src, N);
	*(dest+N) = 0;

Scott Blachowicz  Ph: 206/283-8802x240   Mathsoft (Data Analysis Products Div)
                                         1700 Westlake Ave N #500
scott@statsci.com                        Seattle, WA USA   98109
Scott.Blachowicz@seaslug.org