Amos Gouaux wrote: > >>>>> On Mon, 1 Oct 2001 05:56:08 +0200, > >>>>> Szymon Juraszczyk <[EMAIL PROTECTED]> (sj) writes: > > sj> I spent a few days figuring out why this beast was crashing. And all > sj> because lots of people still are unaware of elementary secure programing > sj> issues, hence they make trivial mistakes such as sprintf()-ing variable > sj> length string into a fixed size buffer. Sigh... > > Looks like this was contributed to CMU. > > Wait, did you use the --with-notify option to configure? If so, > what did you specify it as? > Yes, that is contributed code. By me! When I posted it to the list I warned that I'm not a regular C coder and that this is a quick hack mainly copied and pasted from someone else's code, but I guess that that warning didn't get through to the docs.
Anyway, this is an obvious and stupid mistake, and I'm sorry that you've been caught by it. I haven't actually got around to using notify_unix at our site, which is why I haven't checked the code more carefully, and haven't been caught by this bug.
