*BSD News Article 33208



Xref: sserve comp.os.386bsd.questions:11771 comp.os.386bsd.development:2332 comp.os.386bsd.misc:2800
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!agate!priam.CS.Berkeley.EDU!edward
From: edward@priam.CS.Berkeley.EDU (Edward Wang)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 25 Jul 1994 20:41:35 GMT
Organization: University of California, Berkeley
Lines: 11
Message-ID: <31181v$ibk@agate.berkeley.edu>
References: <30lrf3$2ii@acmez.gatech.edu> <30mcrm$67t@darkstar.UCSC.EDU> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu>
NNTP-Posting-Host: priam.cs.berkeley.edu
Cc: 

In article <ASAMI.94Jul21184711@forgery.cs.berkeley.edu>,
Satoshi ASAMI <asami@cs.berkeley.edu> wrote:

>Yes, this was one of the "holes" that the Internet Worm exploited.
>gets() really has no business being in the standard library, except it
>is too "standard" (is it in POSIX?) that we can't take it out.

It's a bit drastic, no?  Fingerd.c was just badly written.

Though gets() is a bit of an odd-function-out in its semantics,
and I wouldn't really recommend using it.
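
The gets() semantics discussed in this thread, shown next to a bounded replacement. This is an added example, not part of the original post and not code from fingerd or FreeBSD; `read_line` and the `RL_*` codes are hypothetical names chosen here.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes for read_line() (names invented for this example). */
enum { RL_OK = 0, RL_TRUNCATED = 1, RL_EOF = -1 };

/*
 * gets(buf) has no size argument, so any input line longer than the
 * caller's buffer overruns it. It also drops the trailing newline, which
 * fgets() keeps. read_line() keeps the gets() convention (newline removed)
 * but never stores more than size bytes: an overlong line is cut at
 * size-1 characters, the rest of that line is discarded, and the caller is
 * told so it can reject the input instead of acting on a partial line.
 */
int read_line(FILE *fp, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size == 0 || size > INT_MAX)
        return RL_EOF;
    if (fgets(buf, (int)size, fp) == NULL)
        return RL_EOF;                  /* end of input or read error */
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* match gets(): drop the newline */
        return RL_OK;
    }
    c = fgetc(fp);                      /* buffer filled, or last line unterminated */
    if (c == EOF || c == '\n')
        return RL_OK;                   /* the whole line did fit */
    while (c != '\n' && c != EOF)       /* discard the rest of the long line */
        c = fgetc(fp);
    return RL_TRUNCATED;
}

int main(void)
{
    char line[64];
    int rc;

    while ((rc = read_line(stdin, line, sizeof line)) != RL_EOF)
        printf("%s: %s\n", rc == RL_OK ? "ok" : "rejected (too long)", line);
    return 0;
}
```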