Amavisd-new na Redhat 9

Robert Vojta rvojta na
Středa Červen 11 13:35:53 CEST 2003

> > Jediny problem byl s knihovnami sendmailu libmilter.a, libsm.a ....
> strlcpy je poskytovana tedy kterou knihovnou?

  libc in 
    - OpenBSD
    - FreeBSD
    - Sun Solaris
    - SCO OpenServer
    - SCO UnixWare
    - Caldera OpenUnix
    - HP-UX

  * From: Ulrich Drepper <drepper at redhat dot com>
  As repeatedly said, these functions are completely nonsense.  They
  don't increase security, they only allow sloppy programmers get by
  without fixing there code.  At any time the programmer must be aware
  of the sizes of the arrays involved.  Adding these interfaces would
  only mean promoting writing broken code which will never happen.

  * From: Paul Eggert <eggert at twinsun dot com>

  This area is controversial.  Personally, I avoid strlcat and strlcpy,
  as I don't think they add much security in practice, and any minor
  advantages they have in that area tend to be outweighed by the fact
  that they make code harder to read and to maintain (which introduces
  its own set of security problems).  I therefore don't recommend their
  use in GNU applications, and I discourage requests to use them in GNU
  applications that I help maintain.

  Some application maintainers disagree with me on this issue, and they
  are free to define and use their own versions of these functions.
  Portable code must define its own strlcat and strlcpy anyway, as these
  functions are not standardized and have different semantics on
  different hosts.  So portability is not an unassailable argument for
  adding them to glibc.

  If a standard like POSIX required us to add these functions to glibc,
  then of course we would add them (perhaps with advice not to use them

UNIS, spol. s r.o.                                    Robert Vojta 
Jundrovska 33                                         R&D Department
624 00 Brno                                           Tel: +420 541 515 297
Czech Republic                                        Fax: +420 541 210 361

Další informace o konferenci Linux