*BSD News Article 33361

Xref: sserve comp.os.386bsd.questions:11843 comp.os.386bsd.development:2346 comp.os.386bsd.misc:2860
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!spool.mu.edu!howland.reston.ans.net!EU.net!sun4nl!cs.vu.nl!kjb
From: kjb@cs.vu.nl (Kees J. Bot)
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Message-ID: <Ctn5yy.3I0@cs.vu.nl>
Sender: news@cs.vu.nl
Organization: Fac. Wiskunde & Informatica, VU, Amsterdam
References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu> <jmonroyCtMGq2.IC6@netcom.com>
Date: Thu, 28 Jul 1994 08:23:21 GMT
Lines: 38

jmonroy@netcom.com (Jesus Monroy Jr) writes:
>
>Edward Wang (edward@homer.CS.Berkeley.EDU) wrote:
>: In article <ASAMI.94Jul25151654@forgery.cs.berkeley.edu>,
>: Satoshi ASAMI <asami@cs.berkeley.edu> wrote:
>: >Hmm, so how can you write a program that uses gets() and is safe?
>
>: As long as it's not setuid or run from a daemon, it's perfectly safe,
>: just coredumps from time to time.
>
>: I think this is enough on gets().
>
>	Somehow I am to believe that a "coredump" is a good thing?!?

Somehow it is.  You see, a program can:

	1) Run correctly,
	2) Dump core,
	3) Go wrong observably,
	4) Go wrong unobservably.

If a program is wrong then it is a good thing that it dumps core.  A
core dump often allows you to pinpoint the bug precisely.

What Edward meant by "safe" was "no security hole".  Options 3) and 4)
may allow a cracker to break into a system if a program is setuid root.

I don't have gets() in the C library on my system (Minix-386vm) at all.
Any gets(buf) call that I may find is immediately replaced by:

	/* fgets() stores at most sizeof(buf)-1 bytes plus a terminating NUL,
	 * so 'buf' (which must be an array, not a pointer) cannot overflow. */
	result = fgets(buf, sizeof(buf), stdin);
	/* Strip the newline.  If the line did not fit, no '\n' was stored,
	 * strchr() returns NULL, and this store dereferences NULL: core dump. */
	*strchr(buf, '\n') = 0;

This makes options 3) and 4) impossible, because a NULL-dereference will
occur if 'buf' is overrun, causing a core dump.
--
	                        Kees J. Bot  (kjb@cs.vu.nl)
	              Systems Programmer, Vrije Universiteit Amsterdam
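A worked gets() replacement in the spirit of the fgets()/strchr() idiom above, added here as an example; it is not code from the post or from Minix. It goes one step further than the idiom: an overlong line is reported to the caller and its remainder discarded, instead of relying on the NULL dereference to dump core. The names read_line, read_line_from_string and line_status are my own, and the input fed through tmpfile() is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Result of reading one line into a fixed-size buffer. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Drop-in replacement for gets(buf).  Reads at most size-1 bytes of one
 * line from fp into buf, strips the newline, and reports whether the whole
 * line fit.  Unlike the fgets()/strchr() idiom in the post, an overlong
 * line is reported (and its tail discarded) rather than turned into a crash. */
enum line_status read_line(char *buf, size_t size, FILE *fp)
{
    char *nl;
    int c;

    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';                  /* EOF or read error: empty line */
        return LINE_EOF;
    }
    nl = strchr(buf, '\n');
    if (nl != NULL) {
        *nl = '\0';                     /* whole line fit, newline included */
        return LINE_OK;
    }
    /* No newline in buf: either the buffer filled up or the input ended
     * without a trailing newline.  Peek at the next byte to tell them apart. */
    c = getc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;                 /* the text itself fit exactly */
    while (c != EOF && c != '\n')       /* discard the rest of the long line */
        c = getc(fp);
    return LINE_TRUNCATED;
}

/* Demo helper: push a constructed input string through a temporary file
 * and read one line from it into buf (the stream stands in for stdin). */
enum line_status read_line_from_string(const char *input, char *buf, size_t size)
{
    FILE *fp = tmpfile();
    enum line_status s;

    if (fp == NULL)
        return LINE_EOF;
    fputs(input, fp);
    rewind(fp);
    s = read_line(buf, size, fp);
    fclose(fp);
    return s;
}
```

In a real program call read_line(buf, sizeof buf, stdin) in a loop until it returns LINE_EOF, and treat LINE_TRUNCATED as an input error rather than silently using the shortened line.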