[3471] in cryptography@c2.net mail archive


Re: Medium-term real fix for buffer overruns

daemon@ATHENA.MIT.EDU (Phil Karn)
Wed Oct 14 21:44:52 1998

Date: Wed, 14 Oct 1998 18:15:50 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: gnu@toad.com
CC: smb@research.att.com, reinhold@world.std.com, decius@ninja.techwood.org,
        cryptography@c2.net
In-reply-to: <199810150044.RAA24572@toad.com> (message from John Gilmore on
	Wed, 14 Oct 1998 17:43:59 -0700)

How about a more modest start: expunge the gets() function from the
C library?

Right after the Morris Worm (almost exactly 10 years ago!) I called up
one of the Bellcore guys who was on the ANSI C library committee and asked
if he could propose to expunge gets() from the standard. He said the
committee rejected the idea. It would break too much code.

As if code that uses gets() isn't *already* broken.

Phil
