On Wed, 23 Sep 1998, Niels Hald Pedersen wrote:
->
->> BTW any security FAQ proposes avoiding getopt() but this is hard to
->> achieve...
->>
->why ?
->
I would say it is not buffer-overflow safe...
[snip]
* Avoid routines that fail to check buffer boundaries when
manipulating strings, particularly gets(), strcpy(),
strcat(), sprintf(), fscanf(), scanf(), vsprintf(), realpath(),
getopt(), getpass(), streadd(), strecpy(), and strtrns().
[snip]
The complete FAQ is available at www.sunworld.com in the Aug98 issue.
Regards,
Marin
"Knowledge is not a crime. Some of its applications are..."
- Unknown hacker
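
Added example, not part of the original message or the quoted FAQ: bounded stand-ins for strcpy(), strcat() and sprintf() from the FAQ's list that report truncation instead of writing past the buffer or silently cutting the value. The function names are hypothetical, snprintf() assumes a C99 library, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for strcpy(): 0 on success, -1 if src does not fit in dst.
   On failure dst is emptied so a truncated value is never used. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    n = strlen(src);
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);              /* n + 1 copies the terminator */
    return 0;
}

/* Stand-in for strcat(): appends only if the result fits; dst unchanged on failure. */
int append_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t used, n;
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    end = memchr(dst, '\0', dstsz);       /* never scan past the buffer */
    if (end == NULL) return -1;           /* dst was not terminated */
    used = (size_t)(end - dst);
    n = strlen(src);
    if (n >= dstsz - used) return -1;     /* no room for src plus terminator */
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Stand-in for sprintf(): snprintf() returns the length it needed,
   so truncation is detected instead of silently accepted. */
int join_path(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int n;
    if (dst == NULL || dir == NULL || file == NULL || dstsz == 0) return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsz) { dst[0] = '\0'; return -1; }
    return 0;
}

int main(void)
{
    char buf[16];
    const char *arg = "constructed-over-long-option-argument"; /* constructed input */
    printf("copy: %d\n", copy_checked(buf, sizeof buf, arg));
    printf("join: %d -> %s\n", join_path(buf, sizeof buf, "/tmp", "a.txt"), buf);
    return 0;
}
```

Callers must check the return value; a -1 means the input was rejected, not shortened.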