Subject: Re: vixie-crontab vunerable?
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: John F. Woods <jfw@jfwhome.funhouse.com>
List: current-users
Date: 12/16/1996 15:08:04
It would be my suspicion that warning versions of strcat et al would generate
much more noise than signal, even worse than gets(), and blindly replacing
them with counted versions is probably more troublesome, since many programs
(for better or worse) embed strcat or strcpy in time-critical loops; many
such programs have also taken the time to ensure that overflow situations
will not happen. (Of course, many have not, which is the problem.)