DragonFly BSD
DragonFly kernel List (threaded) for 2003-12

Re: More thinking securely...


From: Ryan Dooley <dooleyr@xxxxxxxxxxxx>
Date: Tue, 09 Dec 2003 13:28:18 -0600

On Tue, 2003-12-09 at 13:15, Matthew Dillon wrote:
> :Would there be any value (right now) in moving away from unsafe/unbounded
> :string functions like OpenBSD (ex. strcopy->strlcpy) and the like?
> :
> :Cheers,
> :Ryan
> 
>     Yes, there is definitely value in this sort of work, even for the
>     'safe' situations where old functions are used (like
>     sprintf(buf, "%d", v)), simply because then the audited and changed
>     functions will not show up in people's greps for old functions
>     any more :-)

Right on... I need to set up a development machine (VMware is so not the
way to go) but that might have to wait until after the holidays (the
only box I have at home is an older machine that runs Windows for my wife
:-)

>     But the work must definitely be reviewed.  For every 50 string functions
>     you replace you have a good chance at introducing 1 new bug :-)

I will start work on this then indeed and submit patches as I do them.

Cheers,
Ryan
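
An added example, not part of this message or of the DragonFly source, of the conversion discussed in the thread: an unbounded `strcpy` and the `sprintf(buf, "%d", v)` case, each rewritten so the destination size is passed and truncation is reported. `ex_strlcpy`, `struct rec`, `rec_set_name` and `fmt_int` are hypothetical names; `ex_strlcpy` is a local stand-in with strlcpy semantics so the block builds where libc has no `strlcpy`.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-in with strlcpy semantics (hypothetical name): copies at most
 * dstsize-1 bytes, NUL-terminates when dstsize > 0, returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

struct rec { char name[16]; int flags; };   /* constructed sample type */

/* Before: strcpy(r->name, src);  writes past name[] once src >= 16 bytes.
 * After: bounded copy that reports truncation instead of hiding it.
 * Review point: the size must be that of the destination array; sizeof on a
 * char * parameter would give the pointer size, not the buffer size. */
static int rec_set_name(struct rec *r, const char *src)
{
    if (ex_strlcpy(r->name, src, sizeof(r->name)) >= sizeof(r->name))
        return -1;                          /* src did not fit */
    return 0;
}

/* Before: sprintf(buf, "%d", v);  After: the buffer size travels with it.
 * Returns the number of characters written, or -1 on error or truncation. */
static int fmt_int(char *buf, size_t size, int v)
{
    int n = snprintf(buf, size, "%d", v);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

int main(void)
{
    struct rec r = { "", 7 };
    char buf[4];
    printf("%d\n", rec_set_name(&r, "ttyv0"));
    printf("%d\n", rec_set_name(&r, "a-name-longer-than-the-field"));
    printf("%s flags=%d\n", r.name, r.flags);
    printf("%d\n", fmt_int(buf, sizeof(buf), 1234));
    return 0;
}
```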
