Hm, yes. I was going to say that tmpnam() et al. are impossible to get
right, but they're not: you can run them in constrained environments in
which you know you won't get attacked. You don't *need* to be attacked for
gets() to shoot you in the head.
(Why oh why were gets(), puts() and the other pre-stdio functions not
quietly retired when stdio was invented? At least gets() is rarely used in
free software, although probably not as rarely as seekdir()/telldir(),
which I've never even heard of anyone using.)
Posted Apr 4, 2008 20:38 UTC (Fri) by xbobx (subscriber, #51363)
> Why oh why were gets(), puts() and the other pre-stdio functions not
> quietly retired when stdio was invented?
puts() is still used all the time. In fact, for the almost-simplest of programs:
#include <stdio.h>

int main(void) {
    printf("hi\n");
    return 0;
}
If you use anything more complicated than a constant static string it will actually call printf().
What If I Don't Actually Like My Users?
Posted Apr 4, 2008 20:49 UTC (Fri) by nix (subscriber, #2304)
Well, yeah, but as the analogue of gets(), entirely redundant to fputs(),
both should have gone if either do, and gets() certainly should have gone.
But it didn't.
What If I Don't Actually Like My Users?
Posted Apr 5, 2008 3:33 UTC (Sat) by njs (subscriber, #40338)
Any use at all of gets() does cause a linker warning, at least.
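An added example, not part of any comment in this thread: a bounded line reader built on fgets() for the gets() problem discussed above, which also handles the overlong-line case that a bare fgets() call leaves to the caller. The names read_line, sample_stream and the LINE_* codes are hypothetical, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names, not from the thread. */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_END = -1 };

/* Read one line from fp into buf (cap bytes, cap >= 2), dropping the '\n'.
 * Unlike gets(), the caller's buffer size bounds every write. An overlong
 * line is cut to cap-1 bytes and its tail is discarded, so the next call
 * starts at the next line instead of in the middle of this one. */
int read_line(FILE *fp, char *buf, size_t cap)
{
    if (cap < 2 || cap > INT_MAX)      /* fgets() takes an int size */
        return LINE_END;
    if (fgets(buf, (int)cap, fp) == NULL)
        return LINE_END;               /* EOF or read error, nothing usable */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer, or input ended. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;                /* it fit exactly, or last line */
    while (c != EOF && c != '\n')
        c = fgetc(fp);                 /* discard the rest of the line */
    return LINE_TRUNCATED;
}

/* Constructed sample input, served from an anonymous temporary file. */
FILE *sample_stream(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL && fputs(text, fp) != EOF)
        rewind(fp);
    return fp;
}

int main(void)
{
    char buf[8];
    FILE *fp = sample_stream("short\n1234567\nthis line is far too long\nlast");
    int rc;
    while (fp != NULL && (rc = read_line(fp, buf, sizeof buf)) != LINE_END)
        printf("%-9s \"%s\"\n", rc == LINE_TRUNCATED ? "truncated" : "ok", buf);
    return fp == NULL;
}
```

Input containing embedded NUL bytes is not handled here, since strlen() stops at the first one.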
What If I Don't Actually Like My Users?
Posted May 19, 2008 8:32 UTC (Mon) by TBBle (guest, #52146)
> At least gets() is rarely used in
> free software, although probably not as rarely as seekdir()/telldir(),
> which I've never even heard of anyone using.
Samba uses it... http://www.vnode.ch/fixing_seekdir
Mind you, I wouldn't have known Samba was using it either (and in fact it took me a little
while to wrap my head around why) before I saw that article.
What If I Don't Actually Like My Users?
Posted May 19, 2008 19:55 UTC (Mon) by nix (subscriber, #2304)
So a really quite substantial bug (affecting perhaps 3% of all calls to
this function in nontrivial directories) persisted for *a quarter of a
century* before anyone noticed it.
I suspect that seekdir()/telldir() has exactly one user: Samba. Given how
horrible it makes filesystem implementations, and the closeness of Samba
implementors to the kernel, I'm not sure that it's worth preserving this
function for that one user (which is privileged in any case so the usual
oops-it-might-use-up-too-much-memory arguments against a naive
entirely-in-VFS implementation do not apply).
Votes to make seekdir()/telldir() root-only, anyone?