More thinking securely...
Max Laier
max at love2party.net
Tue Dec 9 15:19:02 PST 2003
> :Would there be any value (right now) in moving away from unsafe/unbounded
> :string functions like OpenBSD (ex. strcopy->strlcpy) and the like?
> :
> :Cheers,
> :Ryan
>
> Yes, there is definitely value in this sort of work, even for the
> 'safe' situations where old functions are used (like
> sprintf(buf, "%d", v)), simply because then the audited and changed
> functions will not show up in people's grep's for old functions
> any more :-)
>
> But the work must definitely be reviewed. For every 50 string
functions
> you replace you have a good chance at introducing 1 new bug :-)
>
> -Matt
> Matthew Dillon
> <dillon at xxxxxxxxxxxxx>
strl{cpy,cat} are not yet in the kernel, IIRC. Will we have them in a
libkern of some sort? Sure one can use the *nprint class functions, but
there is a point in the OpenBSD way and 5.x as well as NetBSD have binary
versions in the kernel.
Comments?
-Max <max at xxxxxxxxxxxxxx>
More information about the Kernel
mailing list