Re: Unsecured API functions
Am Donnerstag 03 Mai 2007 23:58 schrieb Tom Spear: On 5/3/07, Marcus Meissner [EMAIL PROTECTED] wrote: wine is not using gets() at all, insofar there is no risk from it. That much I knew, however we do use strcpy (especially in msi), and that is another one that has been deprecated (banned).. Afair some time ago part of the code was using strncpy which has a destination size count and is sometimes considered safe because of that. The strncpy calls were removed some time ago. Not sure why, but I think thats because strncpy has tricky cavecats too, like not necessarily terminating the string with '\0'. I don't know about the _s APIs, but I guess they're not fool prove either and look like a sort of embrace and extend to me. As for applications using the safe functions I think Frank is right and they are implemented in the visual studio specifc msvcrt dlls, thus wine doesn't have to implement them. My Visual Studio 6 doesn't know them.
Re: Unsecured API functions
On Thu, May 03, 2007 at 04:58:58PM -0500, Tom Spear wrote: On 5/3/07, Marcus Meissner [EMAIL PROTECTED] wrote: wine is not using gets() at all, insofar there is no risk from it. That much I knew, however we do use strcpy (especially in msi), and that is another one that has been deprecated (banned).. See http://msdn2.microsoft.com/en-us/library/bb288454.aspx for the complete list.. It would be quite hard to convert gets - gets_s by magic ;) hmm, I thought so, and re-reading the page, it appears that it is actually more of a proposal, than a list of api's that have actually already been deprecated, however if msdn has an article from the sdl that pushes for the deprecation of non-strsafe functions, I think we should take that seriously, and at least investigate the difficulty (I'm not pushing for it to be replaced anywhere in the code right now, because we are already spread too thin). Newer gcc have checking for strcpy() overflows, and I have local patches for buffer overflow checking for some of our other string functions. Meaning ... I am watching at least the Wine Internals ;) Ciao, Marcus
Unsecured API functions
I was writing up a Hello World with input program for a demonstration for a non-developer coworker last week, and used the unsecured getch() and got the standard warning about how it was unsecured and dangerous to use that. That prompted me to look up the basic secured functions on the MS website, and compare to wine code. According to MSDN, things like gets have been replaced with gets_s. However, as far as I can tell, wine still only implements gets for Windows programs to use.. Do we implement secured versions of other functions, and if not, how come? -- Thanks Tom Check out this new 3D Instant Messenger called IMVU. It's the best I have seen yet! http://imvu.com/catalog/web_invitation.php?userId=1547373from=power-email
Re: Unsecured API functions
Tom Spear wrote: I was writing up a Hello World with input program for a demonstration for a non-developer coworker last week, and used the unsecured getch() and got the standard warning about how it was unsecured and dangerous to use that. That prompted me to look up the basic secured functions on the MS website, and compare to wine code. According to MSDN, things like gets have been replaced with gets_s. However, as far as I can tell, wine still only implements gets for Windows programs to use.. Do we implement secured versions of other functions, and if not, how come? Q: Why doesn't Wine implement X? A: Because not many programs use it and no-one has felt interested in implementing it for fun. -- Rob Shearman
Re: Unsecured API functions
On 5/3/07, Robert Shearman [EMAIL PROTECTED] wrote: Tom Spear wrote: I was writing up a Hello World with input program for a demonstration for a non-developer coworker last week, and used the unsecured getch() and got the standard warning about how it was unsecured and dangerous to use that. That prompted me to look up the basic secured functions on the MS website, and compare to wine code. According to MSDN, things like gets have been replaced with gets_s. However, as far as I can tell, wine still only implements gets for Windows programs to use.. Do we implement secured versions of other functions, and if not, how come? Q: Why doesn't Wine implement X? A: Because not many programs use it and no-one has felt interested in implementing it for fun. So in other words, most programs use insecure functions (like gets) instead of using secure functions (like gets_s), leaving themselves vulnerable to all sorts of buffer overflows? I wonder if microsoft doesn't silently convert gets calls to gets_s calls, then, and maybe didn't document that? Otherwise I assume there would be thousands of buffer overflows that (malicious) people would exploit. I understand that most programs dont use either of those functions, but there are others that are used by nearly every program that ms deprecated in favor of secure versions. -- Thanks Tom Check out this new 3D Instant Messenger called IMVU. It's the best I have seen yet! http://imvu.com/catalog/web_invitation.php?userId=1547373from=power-email
Re: Unsecured API functions
On Thu, May 03, 2007 at 04:16:31PM -0500, Tom Spear wrote: On 5/3/07, Robert Shearman [EMAIL PROTECTED] wrote: Tom Spear wrote: I was writing up a Hello World with input program for a demonstration for a non-developer coworker last week, and used the unsecured getch() and got the standard warning about how it was unsecured and dangerous to use that. That prompted me to look up the basic secured functions on the MS website, and compare to wine code. According to MSDN, things like gets have been replaced with gets_s. However, as far as I can tell, wine still only implements gets for Windows programs to use.. Do we implement secured versions of other functions, and if not, how come? Q: Why doesn't Wine implement X? A: Because not many programs use it and no-one has felt interested in implementing it for fun. So in other words, most programs use insecure functions (like gets) instead of using secure functions (like gets_s), leaving themselves vulnerable to all sorts of buffer overflows? I wonder if microsoft doesn't silently convert gets calls to gets_s calls, then, and maybe didn't document that? Otherwise I assume there would be thousands of buffer overflows that (malicious) people would exploit. I understand that most programs dont use either of those functions, but there are others that are used by nearly every program that ms deprecated in favor of secure versions. wine is not using gets() at all, insofar there is no risk from it. It would be quite hard to convert gets - gets_s by magic ;) Ciao, Marcus
Re: Unsecured API functions
On 5/3/07, Marcus Meissner [EMAIL PROTECTED] wrote: wine is not using gets() at all, insofar there is no risk from it. That much I knew, however we do use strcpy (especially in msi), and that is another one that has been deprecated (banned).. See http://msdn2.microsoft.com/en-us/library/bb288454.aspx for the complete list.. It would be quite hard to convert gets - gets_s by magic ;) hmm, I thought so, and re-reading the page, it appears that it is actually more of a proposal, than a list of api's that have actually already been deprecated, however if msdn has an article from the sdl that pushes for the deprecation of non-strsafe functions, I think we should take that seriously, and at least investigate the difficulty (I'm not pushing for it to be replaced anywhere in the code right now, because we are already spread too thin). -- Thanks Tom Check out this new 3D Instant Messenger called IMVU. It's the best I have seen yet! http://imvu.com/catalog/web_invitation.php?userId=1547373from=power-email
Re: Unsecured API functions
On Thursday 03 May 2007 23:16, Tom Spear wrote: Otherwise I assume there would be thousands of buffer overflows that (malicious) people would exploit. Noone should use gets(). There are lots of better alternatives. For the other deprecated functions, there are ways to check that the input is valid before calling it, iirc. As far as imnplementing the secured functions in Wine, I have yet to see a program that's failing because it tries to use one of them. Cheers, Kai -- Kai Blin, kai Dot blin At gmail Dot com WorldForge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin/ Samba team member http://us1.samba.org/samba/team/ -- Will code for cotton. pgpLy9AS214xj.pgp Description: PGP signature
Re: Unsecured API functions
On 5/3/07, Kai Blin [EMAIL PROTECTED] wrote: On Thursday 03 May 2007 23:16, Tom Spear wrote: Noone should use gets(). There are lots of better alternatives. For the other deprecated functions, there are ways to check that the input is valid before calling it, iirc. I agree that nobody uses it, and that there are better alternatives, I was just using it as an example. You are correct, though about there being ways to check the input. As far as imnplementing the secured functions in Wine, I have yet to see a program that's failing because it tries to use one of them. I do agree that we shouldnt implement it until a program fails. I know I worded the email wrong. I was actually just wondering if we had any plans to implement them in the future and if we had the resources to do that. -- Thanks Tom Check out this new 3D Instant Messenger called IMVU. It's the best I have seen yet! http://imvu.com/catalog/web_invitation.php?userId=1547373from=power-email
Re: Unsecured API functions
On 03.05.2007 22:00, Tom Spear wrote: Do we implement secured versions of other functions, and if not, how come? The *_s functions are provided by the C runtime library (ie msvcr80.dll). So Wine probably doesn't need to implement them (at least not until they pop up in, say, msvcrt.dll). -f.r.
