DragonFly BSD
DragonFly kernel List (threaded) for 2003-12

Re: More thinking securely...


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 9 Dec 2003 11:15:53 -0800 (PST)

:Would there be any value (right now) in moving away from unsafe/unbounded
:string functions like OpenBSD (ex. strcopy->strlcpy) and the like?
:
:Cheers,
:Ryan

    Yes, there is definitely value in this sort of work, even for the
    'safe' situations where old functions are used (like
    sprintf(buf, "%d", v)), simply because then the audited and changed
    functions will not show up in people's greps for old functions
    any more :-)

    But the work must definitely be reviewed.  For every 50 string functions
    you replace you have a good chance at introducing 1 new bug :-)

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>
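
The review point in the reply above, as an added example that is not part of the original message or of DragonFly's code: a mechanical strcpy-to-strlcpy style conversion removes the overflow but can introduce a silent-truncation bug, while a reviewed conversion treats truncation as an error. `copy_bounded`, the `set_name_*` and `format_int_checked` helpers and the device name are hypothetical, constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy() semantics, so the example builds
 * where libc lacks strlcpy: copies at most size-1 bytes, NUL-terminates
 * when size > 0, and returns strlen(src). */
static size_t copy_bounded(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Mechanical conversion: no overflow any more, but an over-long name is
 * silently cut and the caller carries on with a different string. */
void set_name_unchecked(char *dst, size_t size, const char *name)
{
    (void)copy_bounded(dst, name, size);
}

/* Reviewed conversion: truncation is an error the caller must handle. */
int set_name_checked(char *dst, size_t size, const char *name)
{
    if (copy_bounded(dst, name, size) >= size) {
        if (size > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* sprintf(buf, "%d", v) converted to snprintf with the result checked:
 * snprintf returns the length it wanted to write, not what it wrote. */
int format_int_checked(char *dst, size_t size, int v)
{
    int n = snprintf(dst, size, "%d", v);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

int main(void)
{
    char buf[8]; /* constructed sample: 11-byte name, 8-byte buffer */
    set_name_unchecked(buf, sizeof buf, "/dev/da0s1a");
    printf("unchecked: \"%s\"\n", buf);
    printf("checked: %d\n", set_name_checked(buf, sizeof buf, "/dev/da0s1a"));
    return 0;
}
```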


