Amavisd-new na Redhat 9
rvojta na unis.cz
Středa Červen 11 13:35:53 CEST 2003
> > Jediny problem byl s knihovnami sendmailu libmilter.a, libsm.a ....
> strlcpy je poskytovana tedy kterou knihovnou?
- Sun Solaris
- SCO OpenServer
- SCO UnixWare
- Caldera OpenUnix
* From: Ulrich Drepper <drepper at redhat dot com>
As repeatedly said, these functions are completely nonsense. They
don't increase security, they only allow sloppy programmers get by
without fixing there code. At any time the programmer must be aware
of the sizes of the arrays involved. Adding these interfaces would
only mean promoting writing broken code which will never happen.
* From: Paul Eggert <eggert at twinsun dot com>
This area is controversial. Personally, I avoid strlcat and strlcpy,
as I don't think they add much security in practice, and any minor
advantages they have in that area tend to be outweighed by the fact
that they make code harder to read and to maintain (which introduces
its own set of security problems). I therefore don't recommend their
use in GNU applications, and I discourage requests to use them in GNU
applications that I help maintain.
Some application maintainers disagree with me on this issue, and they
are free to define and use their own versions of these functions.
Portable code must define its own strlcat and strlcpy anyway, as these
functions are not standardized and have different semantics on
different hosts. So portability is not an unassailable argument for
adding them to glibc.
If a standard like POSIX required us to add these functions to glibc,
then of course we would add them (perhaps with advice not to use them
UNIS, spol. s r.o. Robert Vojta
Jundrovska 33 R&D Department
624 00 Brno Tel: +420 541 515 297
Czech Republic Fax: +420 541 210 361
Další informace o konferenci Linux