*BSD News Article 18732


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!rutgers!att-out!oucsboss!oucsace!sadkins
From: sadkins@bigbird.cs.ohiou.edu (Scott W. Adkins)
Newsgroups: comp.os.386bsd.questions
Subject: Re: Using gets() [ Was Re: nn ]
Message-ID: <1993Jul19.005949.28286@oucsace.cs.ohiou.edu>
Date: 19 Jul 93 00:59:49 GMT
References: <1993Jul17.203914.25267@fwi.uva.nl> <229qig$53k@pdq.coe.montana.edu> <OLEG.93Jul17185604@gd.cs.CSUFresno.EDU>
Sender: usenet@oucsace.cs.ohiou.edu (Network News Poster)
Organization: Ohio University CS Dept., Athens
Lines: 28

In article <OLEG.93Jul17185604@gd.cs.CSUFresno.EDU> oleg@gd.cs.CSUFresno.EDU (Oleg Kibirev) writes:
>
>Not to start another  religious war... There is nothing wrong with using  gets
>if  there is no good  reason  for input to be longer than some limit.  Like, a
>response to a yes/no question is very unlikely to be longer than 8 characters.
>If a user wants to break the program, he is welcome to do so (unless it's suid
>or a daemon). I would just compile nn with my own version of gets:

But it *is* a problem.  Isn't that how the internet worm tooks seeds and kind
of ran amuck various systems?  Essentially, you have no control of what is 
located *after* the buffer of memory that the keyboard input is supposedly
being written too.  If the user decides to overwrite the buffer into, maybe
code space, then all kind of neat things could happen.

But, as I reread what you said, at least damage would be minimal if the program
is not suid or a daemon... but still, the idea is to replace gets() so that it
is never used.  The replacement function that was given above (except, I kind
of delete it) and other versions previously posted are the right idea (if they
truly work).  

Maybe somebody should send mail to the author's of nn about it so that maybe
it will be officially fixed?

Scott
-- 
         Scott W. Adkins           Internet: sadkins@ohiou.edu
         ~~~~~~~~~~~~~~~                     ak323@cleveland.freenet.edu
    Ohio University of Athens        Bitnet: adkins@ouaccvma.bitnet