tech-userlevel archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: openpty: limits for name
On Thu, Jul 12, 2012 at 12:13:18PM +0200, Thomas Klausner wrote:
> A Linux man page I found for openpty says:
>
> BUGS
> Nobody knows how much space should be reserved for name. So,
> calling openpty() or forkpty() with non-NULL name may not be secure.
>
> Our man page is silent on that.
>
> The code in libutil/pty.c just does:
> if (name)
> (void)strcpy(name, linep);
>
> I wonder if we (can and) want to promise a limit in the man page, or
> just add a comment like the one in the Linux man page.
Well, "nobody knows how much space to use" is a long form of "do not
use this interface", so unless we want to join the Linux world in
deprecating these calls in favor of open-coding the logic and calling
grantpt(), it should be defined and documented.
it is probably also worth getting the change into all the BSDs.
--
David A. Holland
dholland%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index