*BSD News Article 33500


Xref: sserve comp.os.386bsd.questions:11932 comp.os.386bsd.development:2355 comp.os.386bsd.misc:2929
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!news.Hawaii.Edu!ames!hookup!swrinde!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!news.duke.edu!godot.cc.duq.edu!newsfeed.pitt.edu!uunet!newsie.dmc.com!grapevine.lcs.mit.edu!ginger.lcs.mit.edu!wollman
From: wollman@ginger.lcs.mit.edu (Garrett Wollman)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 26 Jul 1994 03:03:40 GMT
Organization: MIT Laboratory for Computer Science
Lines: 23
Message-ID: <311uec$4cm@GRAPEVINE.LCS.MIT.EDU>
References: <30lrf3$2ii@acmez.gatech.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu>
NNTP-Posting-Host: ginger.lcs.mit.edu

In article <311m2e$o33@agate.berkeley.edu>,
Edward Wang <edward@homer.CS.Berkeley.EDU> wrote:

>In article <ASAMI.94Jul25151654@forgery.cs.berkeley.edu>,
>Satoshi ASAMI <asami@cs.berkeley.edu> wrote:
>>Hmm, so how can you write a program that uses gets() and is safe?
>
>As long as it's not setuid or run from a daemon, it's perfectly safe,
>just coredumps from time to time.

So your argument is that gets() is not necessarily unsafe, but always
incorrect.  Interesting...

I wonder what it would take to convince gets() to execute `system("rm
-rf /")'...

-GAWollman

-- 
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
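
Added example, not part of the original post: the thread turns on the fact that gets() is given no buffer size, so no caller can make it safe. The sketch below shows a bounded line reader built on fgets() that reports over-long input instead of writing past the buffer; the names read_line and rl_status are hypothetical, chosen for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names for this example). */
enum rl_status { RL_OK, RL_TRUNCATED, RL_EOF, RL_BADARG };

/*
 * Bounded replacement for gets(buf): the caller passes the buffer size, so
 * nothing is ever stored past buf[size - 1]. An over-long line is cut to fit,
 * the rest of it is discarded so the next call starts on a fresh line, and
 * the truncation is reported to the caller.
 */
enum rl_status read_line(FILE *in, char *buf, size_t size)
{
    if (in == NULL || buf == NULL || size < 2)
        return RL_BADARG;
    if (size > INT_MAX)
        size = INT_MAX;              /* fgets() takes an int length */

    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return RL_EOF;
    }

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';         /* whole line fit; strip the newline */
        return RL_OK;
    }

    /* No newline stored: the line was too long, or EOF ended it. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;                 /* input that did not fit is thrown away */
    return dropped ? RL_TRUNCATED : RL_OK;
}

int main(void)
{
    char buf[16];                    /* deliberately small to show truncation */
    enum rl_status st;

    while ((st = read_line(stdin, buf, sizeof buf)) != RL_EOF)
        printf("%s: \"%s\"\n", st == RL_TRUNCATED ? "truncated" : "ok", buf);
    return 0;
}
```

A line of any length fed to this program is cut to 15 bytes and flagged, where the same input handed to gets() would overwrite whatever follows the buffer.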