*BSD News Article 33503



Xref: sserve comp.os.386bsd.questions:11900 comp.os.386bsd.development:2350 comp.os.386bsd.misc:2910
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!constellation!mimbres.cs.unm.edu!tesuque.cs.sandia.gov!lynx.unm.edu!nntp.sunbelt.net!udel!MathWorks.Com!yeshua.marcam.com!zip.eecs.umich.edu!newsxfer.itd.umich.edu!europa.eng.gtefsd.com!howland.reston.ans.net!math.ohio-state.edu!jussieu.fr!univ-lyon1.fr!swidir.switch.ch!newsfeed.ACO.net!Austria.EU.net!EU.net!uunet!rwwa.com!not-for-mail
From: witr@rwwa.com (Robert Withrow)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 26 Jul 1994 14:35:16 -0400
Organization: R.W. Withrow Associates
Lines: 14
Message-ID: <313l14$ad@meatball.rwwa.com>
References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu>
Reply-To: witr@rwwa.com
NNTP-Posting-Host: meatball.rwwa.com

In article <311m2e$o33@agate.berkeley.edu>, edward@homer.CS.Berkeley.EDU (Edward Wang) writes:
|> In article <ASAMI.94Jul25151654@forgery.cs.berkeley.edu>,

|> As long as it's not setuid or run from a daemon, it's perfectly safe,
|> just coredumps from time to time.
|> 
|> I think this is enough on gets().

Sure.  Right up to the time you gets something that stimulates
your program to exec a shell and find / -print | xargs rm.

-- 
 Robert Withrow, Tel: +1 617 598 4480, Fax: +1 617 598 4430
 R.W. Withrow Associates, 319 Lynnway, Lynn MA 01901 USA, Net: witr@rwwa.COM
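
Added illustration, not part of the original post or thread: gets() has no way to know the size of the buffer it writes into, so any input line longer than the buffer overwrites adjacent memory. The C sketch below shows a bounded replacement built on fgets() that reports an overlong line instead of writing past the buffer; `read_line` and `read_from_string` are hypothetical helper names and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* read_line() is a hypothetical helper name, not from the post.
 * Returns 0 for a complete line, 1 if the line exceeded the buffer
 * (excess is discarded), -1 on EOF/error. Requires size >= 2. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;

    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* drop the newline, as gets() did */
        return 0;
    }
    if (len < size - 1)             /* last line of input, no newline */
        return 0;
    c = getc(in);                   /* buffer full: look at what follows */
    if (c == EOF || c == '\n')
        return 0;                   /* line fit exactly */
    while ((c = getc(in)) != EOF && c != '\n')
        ;                           /* discard the rest so the next read starts clean */
    return 1;
}

/* Feed a constructed string through a temporary file so the demo runs offline. */
int read_from_string(const char *input, char *buf, size_t size)
{
    FILE *f = tmpfile();
    int rc;

    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    rc = read_line(f, buf, size);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[8];                    /* deliberately small */
    int rc = read_from_string("AAAAAAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf);

    printf("rc=%d stored=\"%s\"\n", rc, buf);
    return 0;
}
```

A caller should treat a return value of 1 as rejected input rather than silently processing the truncated line.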