Advertisement
Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux applications on the same desktop.
Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||
What If I Don't Actually Like My Users?What If I Don't Actually Like My Users?Posted Apr 4, 2008 20:06 UTC (Fri) by nix (subscriber, #2304)In reply to: What If I Don't Actually Like My Users? by JoeBuck Parent article: What If I Don't Actually Like My Users?
Hm, yes. I was going to say that tmpnam() et al are impossible to get right, but they're not: you can run them in constrained environments in which you know you won't get attacked. You don't *need* to be attacked for gets() to shoot you in the head. (Why oh why were gets(), puts() and the other pre-stdio functions not quietly retired when stdio was invented? At least gets() is rarely used in free software, although probably not as rarely as seekdir()/telldir(), which I've never even heard of anyone using.)
(Log in to post comments)
What If I Don't Actually Like My Users? Posted Apr 4, 2008 20:38 UTC (Fri) by xbobx (guest, #51363) [Link] > Why oh why were gets(), puts() and the other pre-stdio functions not quietly retired when stdio was invented? puts() is still used all the time. In fact, for the almost-simplest of programs:
#include <stdio.h>
int main(void) {
printf("hi\n");
return 0;
}
gcc 4.1.2 on my system generates the following:
sub $0x8,%rsp mov $0x4005f8,%edi callq 400430 <puts@plt> xor %eax,%eax add $0x8,%rsp retqIf you use anything more complicated than a constant static string it will actually call printf().
What If I Don't Actually Like My Users? Posted Apr 4, 2008 20:49 UTC (Fri) by nix (subscriber, #2304) [Link] Well, yeah, but as the analogue of gets(), entirely redundant to fputs(), both should have gone if either do, and gets() certainly should have gone. But it didn't.
What If I Don't Actually Like My Users? Posted Apr 5, 2008 3:33 UTC (Sat) by njs (subscriber, #40338) [Link] Any use at all of gets() does cause a linker warning, at least.
What If I Don't Actually Like My Users? Posted May 19, 2008 8:32 UTC (Mon) by TBBle (guest, #52146) [Link] > At least gets() is rarely used in > free software, although probably not as rarely as seekdir()/telldir(), > which I've never even heard of anyone using. Samba uses it... http://www.vnode.ch/fixing_seekdir Mind you, I wouldn't have known Samba was using it either (and in fact it took me a little while to wrap my head around why) before I saw that article.
What If I Don't Actually Like My Users? Posted May 19, 2008 19:55 UTC (Mon) by nix (subscriber, #2304) [Link] So a really quite substantial bug (affecting perhaps 3% of all calls to this function in nontrivial directories) persisted for *a quarter of a century* before anyone noticed it. I suspect that seekdir()/telldir() has exactly one user: Samba. Given how horrible it makes filesystem implementations, and the closeness of Samba implementors to the kernel, I'm not sure that it's worth preserving this function for that one user (which is privileged in any case so the usual oops-it-might-use-up-too-much-memory arguments against a naive entirely-in-VFS implementation do not apply). Votes to make seekdir()/telldir() root-only, anyone?
|
|||||||||||