Date: Sat, 24 Feb 2001 22:59:35 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Bruce Evans <bde@zeta.org.au>, Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@FreeBSD.ORG>, Nick Sayer <nsayer@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID: <20010224225935.A769@mollari.cthul.hu>
In-Reply-To: <200102250640.f1P6e0q11960@earth.backplane.com>; from dillon@earth.backplane.com on Sat, Feb 24, 2001 at 10:40:00PM -0800
References: <Pine.BSF.4.21.0102251713590.5810-100000@besplex.bde.org> <200102250640.f1P6e0q11960@earth.backplane.com>

On Sat, Feb 24, 2001 at 10:40:00PM -0800, Matt Dillon wrote:

> I agree with Bruce that throwing a warning in for simply using
> rand() or rand_r() is not appropriate. The man page says it's
> obsolete and that is good enough. We can only protect programmers
> from themselves to a point, after that we are wasting our time.

This isn't true -- as it stands now, people are writing code which
produces bad behaviour (e.g. the xglobe stars thing), or is insecure,
because they are ignoring the documentation. If we add a link-time
warning it will probably catch more software writers, and the net
result is positive. It also points out instances of possibly bad
software which FreeBSD porters and committers can address, again a
positive change. It wastes no-one's time except about 30 seconds of
mine, which I was happy to give :-)

Bruce's objection is on different grounds, and I'll think about how we
can improve rand() without breaking the standards.

Actually, on that matter, I have the suspicion that the rand()
implementation (i.e. the algorithm it uses) is standardized somewhere
(one of the C standards?). Bruce, can you confirm?

Kris