tech-userlevel: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5

Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: James Chacon <jchacon@genuity.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-userlevel
Date: 09/13/2000 11:13:17

> This logic makes no sense though in the larger context. Using this idea
> then gets() should have simply been removed as well from the library years
> ago as it's abuse can cause system compromises. 

Yes, it should have.  

						- Bill