Subject: Re: Trouble compiling pine, pico, httpd
To: The Great Mr. Kurtz <davagatw@mars.utm.edu>
From: Allen Briggs <briggs@puma.bevd.blacksburg.va.us>
List: port-mac68k
Date: 12/15/1995 23:24:05
> Will *any* serious programs compile without an FPU?
Make sure that '-O' isn't on the compile line.
> So far, pine failed,
> pico failed, and NCSA HTTPd failed, all with fpu_emulation_type = none
> not recognized errors.
Can you send me the exact error? I definitely don't see this error in
the kernel sources...
> I asked it to build for
> BSD. Should I have built for A/UX instead?
Definitely not.
> The errors were warnings
> about conflicting types for built-in functions memcmp, memcpy, strcmp,
> and strcpy. Also, the system said that pine uses gets(), which is
> unsafe. Tree :-) questions. Why is gets unsafe? If it's unsafe, why is it
> used in Pine? What problems am I likely to experience using Pine with
> this instruction?
Don't worry about the warnings. They are annoying and should be dealt
with, but they're not your problem. gets() is unsafe because it doesn't
have any way of knowing how big a buffer you're passing it. Someone
could have code like:
    char buff[128];
    gets(buff);
and someone could easily enter in 256 characters, overwriting the stack
and anything else--causing a core dump or other nasty behavior (some of
which might be exploitable--in fact, some people have actually used such
"features" of stdlib functions to break into systems or gain root access
through programs which are setuid and which use such functions). fgets()
is an easy fix for these programs.
-allen
--
Allen Briggs - end killing - allen.briggs@bev.net ** MacBSD == NetBSD/mac68k **
Where does all my time go? <a href="http://www.netbsd.org/">Guess.</a>
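
Added example, not part of the original message and not code from pine or NetBSD: the fgets() replacement mentioned above, applied to the same 128-byte buffer and a 256-character line. The names read_line, make_input and LINE_TOO_LONG are hypothetical, and the input is constructed in a temporary file to stand in for stdin.

```c
#include <stdio.h>
#include <string.h>

#define LINE_TOO_LONG (-2)

/* Hypothetical helper: read one line into buf without ever writing more
 * than size bytes. Returns the line length, -1 on EOF/error, or
 * LINE_TOO_LONG when the input did not fit. In the overlong case the
 * rest of the line is discarded so it cannot be mistaken for a separate
 * line on the next call. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* whole line fit */
        buf[len - 1] = '\0';
        return (int)(len - 1);
    }

    /* No newline stored: the buffer filled up, or input ended mid-line. */
    int c, extra = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        extra++;
    return extra ? LINE_TOO_LONG : (int)len;
}

/* Constructed sample input: a temporary file standing in for stdin. */
FILE *make_input(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char big[258], buff[128];   /* same 128-byte buffer as in the message */
    memset(big, 'A', 256);      /* the 256-character line from the message */
    big[256] = '\n';
    big[257] = '\0';

    FILE *in = make_input(big);
    if (in == NULL)
        return 1;
    int n = read_line(in, buff, sizeof buff);
    printf("status %d, kept %zu bytes\n", n, strlen(buff));
    fclose(in);
    return 0;
}
```

Plain fgets() alone would leave the unread tail of the long line in the stream, where the next read would pick it up as if it were new input; draining it and reporting the overflow lets the caller reject the line instead.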