Xref: sserve comp.os.386bsd.questions:11932 comp.os.386bsd.development:2355 comp.os.386bsd.misc:2929
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!news.Hawaii.Edu!ames!hookup!swrinde!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!news.duke.edu!godot.cc.duq.edu!newsfeed.pitt.edu!uunet!newsie.dmc.com!grapevine.lcs.mit.edu!ginger.lcs.mit.edu!wollman
From: wollman@ginger.lcs.mit.edu (Garrett Wollman)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 26 Jul 1994 03:03:40 GMT
Organization: MIT Laboratory for Computer Science
Lines: 23
Message-ID: <311uec$4cm@GRAPEVINE.LCS.MIT.EDU>
References: <30lrf3$2ii@acmez.gatech.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu>
NNTP-Posting-Host: ginger.lcs.mit.edu

In article <311m2e$o33@agate.berkeley.edu>,
Edward Wang <edward@homer.CS.Berkeley.EDU> wrote:
>In article <ASAMI.94Jul25151654@forgery.cs.berkeley.edu>,
>Satoshi ASAMI <asami@cs.berkeley.edu> wrote:
>>Hmm, so how can you write a program that uses gets() and is safe?
>
>As long as it's not setuid or run from a daemon, it's perfectly safe,
>just coredumps from time to time.

So your argument is that gets() is not necessarily unsafe, but always
incorrect.  Interesting...

I wonder what it would take to convince gets() to execute
`system("rm -rf /")'...

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
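
Added example, not part of the original post or of FreeBSD's sources: a bounded line reader of the kind that replaces gets(), showing what happens to a line longer than the buffer. The names read_line, line_status and sample_stream, the 16-byte buffer and the sample input are assumptions made up for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Bounded stand-in for gets(buf): gets() takes no size, so it cannot know
 * where buf ends. This never stores more than cap bytes; an over-long line
 * is cut to cap-1 characters and its tail discarded, so the next call
 * starts on the next line instead of reading the leftover as input. */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    int n = cap > INT_MAX ? INT_MAX : (int)cap;
    if (cap < 2 || fgets(buf, n, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: drop the newline */
        return LINE_OK;
    }
    int c = getc(in);                   /* no newline stored: look ahead */
    if (c == EOF || c == '\n')
        return LINE_OK;                 /* exact fit, or last line lacks '\n' */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                               /* discard the rest of the long line */
    return LINE_TRUNCATED;
}

/* Constructed sample input: a short line, a 40-byte line, a final line
 * with no trailing newline. Returns NULL if no temp file is available. */
FILE *sample_stream(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs("short\n" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\nlast", f);
    rewind(f);
    return f;
}

int main(void)
{
    char buf[16];                       /* the size gets() would never see */
    FILE *in = sample_stream();
    enum line_status st;
    while (in != NULL && (st = read_line(in, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buf);
    return 0;
}
```

The caller decides what a LINE_TRUNCATED result means for the program (reject the input, or accept the shortened line); gets() offers no such decision point.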