• Next message: Arthur Tateishi: "Re: A discipline for packages"
• Previous message: no, I don't repeat it!: "Re: "the `gets' function is unreliable and should not be used"??!!!"
• Next in thread: Mark Eichin: "Re: "the `gets' function is unreliable and should not be used"??!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Subject: Re: "the `gets' function is unreliable and should not be used"??!!!
Date: Fri, 1 Jan 1993 00:00:13 GMT

   From: kutcha@eos.acm.rpi.edu (Phillip Rzewski)
   Date: Thu, 31 Dec 1992 22:22:42 GMT

       I happen to think the gcc error message is a tad annoying, but it's
   only trying to be helpful. I get the impression that once people saw the
   problems gets() could cause they'd try to stamp out its use forever by
   just reminding people over and over again why it is a bad thing. :)

Well, yes --- those of you who read about (or some cases, experienced)
the Internet Worm of 1998 should know exactly how much trouble using
gets() can cause. Specifically, enough to open a gaping wide security
hole into every single system running a BSD-derived fingerd program
(which was most of the machines on the Internet).

Followups should go to alt.security.

                                                - Ted

• Next message: Arthur Tateishi: "Re: A discipline for packages"
• Previous message: no, I don't repeat it!: "Re: "the `gets' function is unreliable and should not be used"??!!!"
• Next in thread: Mark Eichin: "Re: "the `gets' function is unreliable and should not be used"??!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]