[3473] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Ted Lemon)
Wed Oct 14 22:19:42 1998
To: Phil Karn <karn@qualcomm.com>
cc: gnu@toad.com, smb@research.att.com, reinhold@world.std.com,
decius@ninja.techwood.org, cryptography@c2.net
In-Reply-To: Your message of "Wed, 14 Oct 1998 18:15:50 PDT."
<199810150115.SAA29160@servo.qualcomm.com>
Date: Wed, 14 Oct 1998 22:00:42 -0400
From: Ted Lemon <mellon@hoffman.vix.com>
The NetBSD linker has a facility whereby warnings can be generated if
deprecated functions like gets are used. This can be quite useful in
expunging bugs, although I have to say that the times I've been bitten
by buffer overrun bugs (and sadly, I have been bitten) it has been
because of faulty thinking, not because I called gets or sprintf.
I think John's solution is probably more likely to make an actual
difference, unfortunately. I would like to see his compiler make an
effort to ensure correctness at compile time, though, rather than
leaving the whole job to be done at runtime. There are some pointer
bugs that can only be caught at runtime, but most of the ones I've
made in the past could have been caught by a sufficiently careful
compiler.
_MelloN_
