From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 5dd0c40f for ; Thu, 21 Nov 2019 20:39:06 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 1D75694BFA; Fri, 22 Nov 2019 06:39:05 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 49CAD93D71; Fri, 22 Nov 2019 06:38:52 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=bsdimp-com.20150623.gappssmtp.com header.i=@bsdimp-com.20150623.gappssmtp.com header.b="y/cQ1dW/"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 36EE693D74; Fri, 22 Nov 2019 06:38:50 +1000 (AEST) Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com [209.85.160.177]) by minnie.tuhs.org (Postfix) with ESMTPS id 7751A93D59 for ; Fri, 22 Nov 2019 06:38:49 +1000 (AEST) Received: by mail-qt1-f177.google.com with SMTP id y39so5258121qty.0 for ; Thu, 21 Nov 2019 12:38:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tKiwaQW+XviAm/D9W4ocA8h2V1tzB+gzISsUZBoe7jI=; b=y/cQ1dW/Hjx/GPSJGKMdm3fzKQpFIYLuMEVL6C1bJ+YOi0f7+kGIZAfumqvVK7hmCp Cn4nXdJ8nDA5di11MUqjEVl12PYvoDhV1YK8bwHsxY+XvNmxExCYz1lYhqQeuGNk/nhw v1E5bYPPUISzF9y3U0QpVJvaMKB1turKc2i7TZ8PV7Q4Iiu4f4kpWR+v8vrtOzVjZzYE 5SoLBTwBJ+Et0WIeiMRyI0Y7GrNmxeq6LgqFeA84gCGZ3M277Kjex62EaHLnf88rfE8I Fjvmpe1Dk0OrsZnaIU3rM5oVc+XvhMdBRCNRl+iECUh1iK2qLTlpLjObMqdzJEadePLG IrHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tKiwaQW+XviAm/D9W4ocA8h2V1tzB+gzISsUZBoe7jI=; b=UqEokZXzv/I2zQHc6QxM1YIvq+XtmJuX4zBjdzA5j5GMh58rivYr9XZCZ+fSFYfaqx XBSb2FvQGStr9Vi6M2yngGldRaKhA5YCY/7sI10z+5sNf3rzusJ89BYsE/syk1+tBgp9 sXI2NfD9766R/iNwno2XhHxHSaSUzQLo4aL6mOHhcfA7Sp7JjmaDAWxjhqAH4hnZxzmb S7R9S4Uq5+PRaNa5wBhhU/58fB0cBQSWhCaW3KwDfHksNi7j1Tb+a1UuYoGpUo5ILP4w WpjgwBubVNCIEZvOATTQfsHpBFc44elg/tXMl1hIKx1FrXpRaY5FUxqeyDRGd7B/fS3g Dm4w== X-Gm-Message-State: APjAAAUGHsRcniMiGhnTO0esQV9iXtzP68NW651VIo+zidefYCa6Egi4 g1mDUiKffJM9lvMmpmIV8yR9zCaiqm+caAZupZZNeQ== X-Google-Smtp-Source: APXvYqx7O4a3OAOY59o2/wxSFcijtyhjGVA0nLXRsu9ttjFrBGP5ltWb5vfNyE+J8N+csxva1L1DOEVmIR468A/kh7w= X-Received: by 2002:ac8:754c:: with SMTP id b12mr1558190qtr.291.1574368728517; Thu, 21 Nov 2019 12:38:48 -0800 (PST) MIME-Version: 1.0 References: <1573592179.5935.for-standards-violators@oclsc.org> <20191112221053.C2009156E80B@mail.bitblocks.com> In-Reply-To: From: Warner Losh Date: Thu, 21 Nov 2019 13:38:37 -0700 Message-ID: To: Dave Horsfall Content-Type: multipart/alternative; boundary="000000000000cf1bc90597e1481e" Subject: Re: [TUHS] buffer overflow (Re: Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: The Eunuchs Hysterical Society Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --000000000000cf1bc90597e1481e Content-Type: text/plain; charset="UTF-8" On Thu, Nov 21, 2019 at 1:02 PM Dave Horsfall wrote: > On Tue, 19 Nov 2019, Tony Finch wrote: > > > Amusingly POSIX says the C standard takes precedence wrt the details of > > gets() (and other library functions) and C18 abolished gets(). I'm > > slightly surprised that the POSIX committee didn't see that coming and > > include the change in the 2018 edition... > > Didn't know that gets() had finally been abolished; it's possibly the most > unsafe function (OK, macro) on the planet. I've long been tempted to > remove gets() and see what breaks... > A few things actually broke when FreeBSD removed it. Apart from 'wrappers' that needed it for various reasons, it was only a few programs in our 'ports' package that needed to be corrected. Most people have moved on with the 20 years of warnings when it was used... Sadly only most... Warner --000000000000cf1bc90597e1481e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Nov 21, 2019 at 1:02 PM Dave = Horsfall <dave@horsfall.org>= wrote:
On Tue, = 19 Nov 2019, Tony Finch wrote:

> Amusingly POSIX says the C standard takes precedence wrt the details o= f
> gets() (and other library functions) and C18 abolished gets(). I'm=
> slightly surprised that the POSIX committee didn't see that coming= and
> include the change in the 2018 edition...

Didn't know that gets() had finally been abolished; it's possibly t= he most
unsafe function (OK, macro) on the planet.=C2=A0 I've long been tempted= to
remove gets() and see what breaks...

A = few things actually broke when FreeBSD removed it. Apart from 'wrappers= ' that needed it for various=C2=A0reasons, it was only a few programs i= n our 'ports' package that needed to be corrected.

Most people have moved on with the 20 years of warnings when it wa= s used... Sadly only most...

Warner=C2=A0
--000000000000cf1bc90597e1481e--