Re: More thinking securely...

From: David Rhodus <drhodus@xxxxxxxxx>
Date: Tue, 9 Dec 2003 15:30:31 -0500

On Dec 9, 2003, at 2:15 PM, Matthew Dillon wrote:

:Would there be any value (right now) in moving away from unsafe/unbounded
:string functions like OpenBSD (ex. strcopy->strlcpy) and the like?

    Yes, there is definitely value in this sort of work, even for the
    'safe' situations where old functions are used (like
    sprintf(buf, "%d", v)), simply because then the audited and changed
    functions will not show up in people's grep's for old functions
    any more :-)

But the work must definitely be reviewed. For every 50 string functions
you replace you have a good chance at introducing 1 new bug :-)

I wonder if this is something that we should do slowly, as we're doing with
some of the K&R type definition cleanups in the kernel, as there is still a
considerable amount of code being pulled in from various places (FreeBSD...).
Changing too many of these might slow down the import process for code, e.g.
the agp code from today....
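The thread's point that a mechanical strcpy->strlcpy swap can itself introduce a bug (silent truncation) is illustrated below with an added example; this is not code from the thread or from DragonFly/OpenBSD. It assumes the libc may lack strlcpy, so a small OpenBSD-semantics copy (my_strlcpy) is included.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable strlcpy with OpenBSD semantics (assumed absent from libc).
 * Copies at most size-1 bytes, always NUL-terminates when size > 0,
 * and returns strlen(src) so the caller can detect truncation. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* 'Before' (not called here): strcpy(dst, src) writes past dst whenever
 * strlen(src) >= dstsize. 'After': bounded copy that also reports the
 * truncation a bare strlcpy call would hide. Returns 0 on success,
 * -1 if src did not fit (dst is still NUL-terminated either way). */
int copy_name(char *dst, size_t dstsize, const char *src)
{
    if (my_strlcpy(dst, src, dstsize) >= dstsize)
        return -1;      /* truncated: an error, not a silent success */
    return 0;
}

/* Same treatment for the sprintf(buf, "%d", v) case from the thread:
 * snprintf returns the length it would have written, so the same
 * ">= dstsize" check catches truncation. */
int format_int(char *dst, size_t dstsize, int v)
{
    int n = snprintf(dst, dstsize, "%d", v);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

int main(void)
{
    char buf[8];    /* constructed: deliberately small target buffer */
    printf("fits:      %d '%s'\n", copy_name(buf, sizeof buf, "bsd"), buf);
    printf("truncated: %d '%s'\n", copy_name(buf, sizeof buf, "dragonflybsd"), buf);
    printf("too wide:  %d '%s'\n", format_int(buf, sizeof buf, 123456789), buf);
    return 0;
}
```

A grep for the old names will no longer flag these sites, as the thread notes; the review step is making sure every new call site checks the return value.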
