Xref: sserve comp.os.386bsd.questions:11908 comp.os.386bsd.development:2353 comp.os.386bsd.misc:2915
Newsgroups: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msuinfo!agate!howland.reston.ans.net!cs.utexas.edu!usc!nic-nac.CSU.net!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!jmonroy
From: jmonroy@netcom.com (Jesus Monroy Jr)
Subject: Re: Why does FreeBSD 1.1.5 say gets() is unsafe?
Message-ID: <jmonroyCtqIKo.GKs@netcom.com>
Followup-To: comp.os.386bsd.questions,comp.os.386bsd.development,comp.os.386bsd.misc
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
X-Newsreader: TIN [version 1.2 PL1]
References: <30lrf3$2ii@acmez.gatech.edu> <ASAMI.94Jul21184711@forgery.cs.berkeley.edu> <31181v$ibk@agate.berkeley.edu> <ASAMI.94Jul25151654@forgery.cs.berkeley.edu> <311m2e$o33@agate.berkeley.edu> <jmonroyCtMGq2.IC6@netcom.com> <Ctn5yy.3I0@cs.vu.nl>
Date: Sat, 30 Jul 1994 03:48:24 GMT
Lines: 34

Kees J. Bot (kjb@cs.vu.nl) wrote:
: jmonroy@netcom.com (Jesus Monroy Jr) writes:
: >
: >Edward Wang (edward@homer.CS.Berkeley.EDU) wrote:
: >: As long as it's not setuid or run from a daemon, it's perfectly safe,
: >: just coredumps from time to time.
: >
: >: I think this is enough on gets().
: >
: >	Somehow I am to believe that a "coredump" is a good thing?!?

: Somehow it is.  You see, a program can:
: 	1) Run correctly,
: 	2) Dump core,
: 	3) Go wrong observably,
: 	4) Go wrong unobservably.
: If a program is wrong then it is a good thing that it dumps core.  A
: core dump often allows you to pinpoint the bug precisely.
:
: What Edward meant with "safe" was "no security hole".  Options 3) and 4)
: may allow a cracker to break into a system if a program is setuid root.
:
	Let's take the proposition for a moment that maybe a program
	should run right and discard the silly notion that a
	"core dump" is ever a good thing.

--
Jesus Monroy Jr                                          jmonroy@netcom.com
Zebra Research
/386BSD/device-drivers /fd /qic /clock /documentation
___________________________________________________________________________