On 5/3/07, Robert Shearman <[EMAIL PROTECTED]> wrote:
Tom Spear wrote:
> I was writing up a Hello World with input program for a demonstration
> for a non-developer coworker last week, and used the unsecured getch()
> and got the standard warning about how it was unsecured and dangerous
> to use that. That prompted me to look up the basic secured functions
> on the MS website, and compare to wine code. According to MSDN,
> things like gets have been replaced with gets_s. However, as far as I
> can tell, wine still only implements gets for Windows programs to
> use.. Do we implement secured versions of other functions, and if
> not, how come?
Q: Why doesn't Wine implement X?
A: Because not many programs use it and no-one has felt interested in
implementing it for fun.
So in other words, most programs use insecure functions (like gets)
instead of using secure functions (like gets_s), leaving themselves
vulnerable to all sorts of buffer overflows? I wonder if microsoft
doesn't silently convert gets calls to gets_s calls, then, and maybe
didn't document that?
Otherwise I assume there would be thousands of buffer overflows that
(malicious) people would exploit.
I understand that most programs dont use either of those functions,
but there are others that are used by nearly every program that ms
deprecated in favor of secure versions.
--
Thanks
Tom
Check out this new 3D Instant Messenger called IMVU. It's the best I
have seen yet!
http://imvu.com/catalog/web_invitation.php?userId=1547373&from=power-email
