Date: Mon, 15 Jul 1996 02:42:22 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: bde@zeta.org.au (Bruce Evans)
Cc: pst@shockwave.com, thorpej@nas.nasa.gov, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, nate@freefall.freebsd.org, wosch@cs.tu-berlin.de
Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c
Message-ID: <199607150042.CAA13659@uriah.heep.sax.de>
In-Reply-To: <199607142351.JAA10509@godzilla.zeta.org.au> from Bruce Evans at "Jul 15, 96 09:51:26 am"

As Bruce Evans wrote:

> > > Should we disable sprintf() for sgid/suid programs?
>
> Why stop there?  Convert all strcpy()s to snprintf()s.  Convert all
> pointers to arrays.  Implement array bounds checking.  Actually use
> array bounds checking. !-)

Use Pascal.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)