This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Re: [libc-alpha] Re: [open-source] Re: Wish for 2002


> Date: Tue, 08 Jan 2002 16:59:10 -0600
> From: Francois Leclerc <leclerc@austin.sns.slb.com>
> 
> What shocked me was that a 2001 article was still quoting 36 occurrences
> of "strcpy" in a subset of glibc affecting 900+ places.
> http://www.linuxdevices.com/eljonline/issue06/5457s1t.html

strcpy can be used perfectly safely, with no vulnerabilities whatsoever.
Its use in glibc does not mean there are any vulnerabilities in glibc.

It would be a mistake to rewrite glibc to use strlcpy instead of strcpy,
as that would make the code bigger, slower, and harder to read.

Also, I suspect that such a rewrite wouldn't fix a single security hole.
(If I'm wrong, please correct me.)
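
An added example, not part of the original message and not glibc code: two patterns in which `strcpy` is bounded because the destination size is checked against `strlen(src)` first, next to a truncating copy of the kind `strlcpy` performs (written here with `snprintf`), whose return value must be checked to notice a shortened result. The helper names `dup_string`, `copy_checked` and `copy_truncating` and the sample strings are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: the buffer is sized from strlen(src), so the
   strcpy below writes exactly the bytes that were allocated. */
char *dup_string(const char *src)
{
    size_t n = strlen(src) + 1;          /* length plus terminator */
    char *dst = malloc(n);
    if (dst == NULL)
        return NULL;
    strcpy(dst, src);
    return dst;
}

/* Hypothetical helper: copy into a fixed buffer, refusing input that
   does not fit. Returns 0 on success, -1 if src is too long. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (strlen(src) >= dstsize)
        return -1;                       /* reject, do not truncate */
    strcpy(dst, src);                    /* bounded by the check above */
    return 0;
}

/* Truncating copy in the style of strlcpy. Returns strlen(src); a
   return value >= dstsize means dst holds a shortened string. */
size_t copy_truncating(char *dst, size_t dstsize, const char *src)
{
    int n = snprintf(dst, dstsize, "%s", src);
    return n < 0 ? 0 : (size_t)n;
}

int main(void)
{
    char buf[8];
    const char *name = "config.yaml.bak";   /* constructed sample input */

    if (copy_checked(buf, sizeof buf, name) != 0)
        puts("copy_checked: input rejected, buffer untouched");

    size_t want = copy_truncating(buf, sizeof buf, name);
    printf("copy_truncating: wanted %zu bytes, stored \"%s\"\n", want, buf);

    char *copy = dup_string(name);
    if (copy != NULL) { printf("dup_string: \"%s\"\n", copy); free(copy); }
    return 0;
}
```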

