*BSD News Article 33618


Xref: sserve comp.os.386bsd.questions:11908 comp.os.386bsd.development:2353 comp.os.386bsd.misc:2915
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!agate!howland.reston.ans.net!cs.utexas.edu!usc!nic-nac.CSU.net!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!jmonroy
From: jmonroy@netcom.com (Jesus Monroy Jr)
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Message-ID: <jmonroyCtqIKo.GKs@netcom.com>
Followup-To: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
X-Newsreader: TIN [version 1.2 PL1]
References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu> <jmonroyCtMGq2.IC6@netcom.com> <Ctn5yy.3I0@cs.vu.nl>
Date: Sat, 30 Jul 1994 03:48:24 GMT
Lines: 34

Kees J. Bot (kjb@cs.vu.nl) wrote:
: jmonroy@netcom.com (Jesus Monroy Jr) writes:
: >
: >Edward Wang (edward@homer.CS.Berkeley.EDU) wrote:
: >: As long as it's not setuid or run from a daemon, it's perfectly safe,
: >: just coredumps from time to time.
: >
: >: I think this is enough on gets().
: >
: >	Somehow I am to believe that a "coredump" is a good thing?!?

: Somehow it is.  You see, a program can:

: 	1) Run correctly,
: 	2) Dump core,
: 	3) Go wrong observably,
: 	4) Go wrong unobservably.

: If a program is wrong then it is a good thing that it dumps core.  A
: core dump often allows you to pinpoint the bug precisely.
:
: What Edward meant with "safe" was "no security hole".  Options 3) and 4)
: may allow a cracker to break into a system if a program is setuid root.
:
	Let's take the proposition for a moment that maybe 
	a program should run right and discard the silly 
	notion that a "core dump" is ever a good thing.


-- 
Jesus Monroy Jr                                          jmonroy@netcom.com
Zebra Research
/386BSD/device-drivers /fd /qic /clock /documentation
___________________________________________________________________________
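
Added example, not part of the original post or thread: a bounded replacement for gets() that turns an overlong input line into an error the caller can see, instead of an overwrite that may or may not dump core. The names read_line, line_status, demo_line, SAMPLE and demo_buf are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>
enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };  /* hypothetical names */

/* Bounded stand-in for gets(): cap is the size of buf, so nothing is written
 * past it. An overlong line is drained and reported, not silently kept. */
enum line_status read_line(FILE *fp, char *buf, size_t cap)
{
    size_t len;
    int c;
    if (cap < 2 || fgets(buf, (int)cap, fp) == NULL)
        return LINE_EOF;                 /* end of input, error, or no room */
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* whole line fit: strip the newline */
        return LINE_OK;
    }
    if (len < cap - 1)
        return LINE_OK;                  /* final line without a newline */
    if ((c = getc(fp)) == '\n' || c == EOF)
        return LINE_OK;                  /* line filled the buffer exactly */
    while ((c = getc(fp)) != '\n' && c != EOF)
        ;                                /* discard the rest of the line */
    return LINE_TOO_LONG;
}

/* Constructed sample: the second line cannot fit in the 8-byte demo_buf. */
static const char SAMPLE[] = "short\nthis line is far too long\nnext\n";
static char demo_buf[8];
/* Demo driver: status of line n (0-based); its text is left in demo_buf. */
enum line_status demo_line(const char *input, int n)
{
    FILE *fp = tmpfile();
    enum line_status st = LINE_EOF;
    if (fp == NULL)
        return LINE_EOF;
    fputs(input, fp);
    rewind(fp);
    while (n-- >= 0 && (st = read_line(fp, demo_buf, sizeof demo_buf)) != LINE_EOF)
        ;
    fclose(fp);
    return st;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("line %d: status %d\n", i, (int)demo_line(SAMPLE, i));
    return 0;
}
```

Because the rest of an overlong line is discarded, the next call starts cleanly at the following line rather than in the middle of the rejected one.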