Implications of recent virus (Trojan Horse) attack
Root Boy Jim
rbj at nav.icst.nbs.gov
Wed Nov 16 04:44:43 AEST 1988
? Well, now, gets() is of course unsafe, but then there are
? read(), sprintf(), and no telling how many others. For that
? matter, *p++ = *q++
Not quite in the same way. Read takes an argument which specifys the
maximum size of the buffer, no problem. Copying a string (*p++ = *q++),
while a frequent source of bugs, is possible to control since strlen
will tell you the length. Likewise sprintf; with a little care one
can precompute the size and reserve a large enuf area. One problem the
latter two have is with segmentation violations.
However, with gets(), one is totally at the mercy of data that is
outside the program, and thus, not under control.
? haynes at ucscc.ucsc.edu ? haynes at ucscc.bitnet ? ...ucbvax!ucscc!haynes
? "Any clod can have the facts, but having opinions is an Art."
? Charles McCabe, San Francisco Chronicle
(Root Boy) Jim Cottrell (301) 975-5688
<rbj at nav.icst.nbs.gov> or <rbj at icst-cmr.arpa>
Careful with that VAX Eugene!
I can't think about that. It doesn't go with HEDGES in the shape of
LITTLE LULU -- or ROBOTS making BRICKS...
More information about the Comp.unix.wizards
mailing list