Path: sparky!uunet!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!ira.uka.de!Germany.EU.net!mikros!mwtech!martin
From: martin@mwtech.UUCP (Martin Weitzel)
Newsgroups: comp.std.c
Subject: Banning the use of `gets' (was Re: definition of strNcpy)
Message-ID: <1369@mwtech.UUCP>
Date: 24 Dec 92 12:04:58 GMT
References: <1992Dec18.015228.6094@dms.agames.com> <1992Dec18.180358.24428@dms.agames.com> <BzMGp3.Hwr@math.uwaterloo.ca> <BzMzqC.n0u@jrd.dec.com>
Reply-To: martin@mwtech.UUCP (Martin Weitzel)
Organization: MIKROS Systemware, Darmstadt/W-Germany
Lines: 18

In article <BzMzqC.n0u@jrd.dec.com> diamond@jit.dec.com (Norman Diamond) writes:
>Remember, a language with gets() and other such niceties is intended for
>hacking, not for security. The "N" is intended to bring over a known portion
>of the source string, not to protect other stuff near the target. Now this
>raises the question of why memcpy() was invented, and I don't know the answer.
>
>On a more serious note, people actually do use gets(). I'd worry about this
>kind of dangerous stuff long before caring about silly things like strncat().

I think Norman made a very good point here. If in your C-library `gets'
is a single module (I just checked and at least in UNIX SysV.R3 it seems
to be so) you have a choice: Pull this module out of the library and
into a new one (say, "/lib/libdangerous.l"). So programs using gets
will have an `unresolvable external'. This should help to alert people
that they should change their programs. (And if they are desperate they
can still link the programs by adding "-ldangerous" to the cc command line.)
--
Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83
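An added example, not part of Martin's post: once the missing `gets` symbol has flagged a program, the change its author has to make is a bounded line reader. `bounded_gets` (my own name) wraps fgets, strips the newline, and drains the rest of an over-long line so the next call starts on a fresh line; `check` feeds it constructed input through fmemopen, which is assumed to be available (POSIX.1-2008).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(): reads at most n-1 characters into buf, drops
 * the trailing newline and discards the rest of an over-long line so the next
 * call starts on a fresh line. Returns NULL when nothing could be read. */
char *bounded_gets(char *buf, size_t n, FILE *fp, int *truncated)
{
    if (truncated) *truncated = 0;
    if (n == 0 || fgets(buf, (int)n, fp) == NULL)
        return NULL;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                 /* complete line */
    } else {
        int c = getc(fp);                    /* peek at what follows */
        if (c != EOF && c != '\n') {         /* rest of line still pending */
            if (truncated) *truncated = 1;
            while ((c = getc(fp)) != EOF && c != '\n')
                ;                            /* drain to end of line */
        }
    }
    return buf;
}

/* Reads the first line of `input` through an n-byte buffer (n <= 64) and
 * reports whether the result and the truncation flag match expectations. */
int check(const char *input, size_t n, const char *expect, int expect_trunc)
{
    char buf[64];
    int trunc = 0;
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    if (fp == NULL || n > sizeof buf) return 0;
    char *r = bounded_gets(buf, n, fp, &trunc);
    fclose(fp);
    if (r == NULL) return expect == NULL;
    return expect != NULL && strcmp(buf, expect) == 0 && trunc == expect_trunc;
}

int main(void)
{
    /* Constructed inputs: a short line fits; a long one is cut at 7 chars
     * and flagged instead of being written past the 8-byte buffer. */
    printf("%d %d\n", check("abc\nrest", 8, "abc", 0),
                      check("this line is far too long\n", 8, "this li", 1));
    return 0;
}
```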