*BSD News Article 33214



Xref: sserve comp.os.386bsd.questions:11766 comp.os.386bsd.development:2331 comp.os.386bsd.misc:2795
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!spool.mu.edu!agate!priam.CS.Berkeley.EDU!edward
From: edward@priam.CS.Berkeley.EDU (Edward Wang)
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Date: 26 Jul 1994 06:58:15 GMT
Organization: University of California, Berkeley
Lines: 15
Message-ID: <312c67$1ae@agate.berkeley.edu>
References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu> <311uec$4cm@GRAPEVINE.LCS.MIT.EDU>
NNTP-Posting-Host: priam.cs.berkeley.edu
Cc: 

In article <311uec$4cm@GRAPEVINE.LCS.MIT.EDU>,
Garrett Wollman <wollman@ginger.lcs.mit.edu> wrote:
>So your argument is that gets() is not necessarily unsafe, but always
>incorrect.  Interesting...

Sometimes incorrect, or usually correct, which is the best we can say
about any program.

>I wonder what it would take to convince gets() to execute `system("rm
>-rf /")'...

But only your own files will be removed.


Shouldn't we be taking this outside?