Return to BSD News archive
Xref: sserve comp.os.386bsd.questions:11900 comp.os.386bsd.development:2350 comp.os.386bsd.misc:2910 Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!constellation!mimbres.cs.unm.edu!tesuque.cs.sandia.gov!lynx.unm.edu!nntp.sunbelt.net!udel!MathWorks.Com!yeshua.marcam.com!zip.eecs.umich.edu!newsxfer.itd.umich.edu!europa.eng.gtefsd.com!howland.reston.ans.net!math.ohio-state.edu!jussieu.fr!univ-lyon1.fr!swidir.switch.ch!newsfeed.ACO.net!Austria.EU.net!EU.net!uunet!rwwa.com!not-for-mail From: witr@rwwa.com (Robert Withrow) Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe? Date: 26 Jul 1994 14:35:16 -0400 Organization: R.W. Withrow Associates Lines: 14 Message-ID: <313l14$ad@meatball.rwwa.com> References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu> Reply-To: witr@rwwa.com NNTP-Posting-Host: meatball.rwwa.com In article <311m2e$o33@agate.berkeley.edu>, edward@homer.CS.Berkeley.EDU (Edward Wang) writes: |> In article <ASAMI.94Jul25151654@forgery.cs.berkeley.edu>, |> As long as it's not setuid or run from a daemon, it's perfectly safe, |> just coredumps from time to time. |> |> I think this is enough on gets(). Sure. Right up to the time you gets something that stimulates your program to exec a shell and find / -print | xargs rm. -- Robert Withrow, Tel: +1 617 598 4480, Fax: +1 617 598 4430 R.W. Withrow Associates, 319 Lynnway, Lynn MA 01901 USA, Net: witr@rwwa.COM