> # make
> cc -c sleezeball.c
> sleezeball.c:79: warning: conflicting types for built-in function `log'
> cc -o sleezeball sleezeball.o
> sleezeball.o(.text+0xd0): In function `log':
> : warning: vsprintf() is often misused, please use vsnprintf()
> sleezeball.o(.text+0x5d): In function `get_date':
> : warning: strcpy() is almost always misused, please use strlcpy()
> # cd /usr/ports/
> # make search name=sleezeball
> #
> ========================================================================
>
> Are these warnings ok? Is it really bad security to use this Software?
>
strcpy and friends are known to be prone to buffer overflow and other such vulnerabilities. Security experts therefore advise using variants like strlcpy and friends. OpenBSD, being more security conscious, probably has these warnings enabled by default and that is why you're getting them while issuing a simple make.

--
Sharninder
_______________________________________________
bsd-india mailing list
[email protected]
http://www.bsd-india.org/mailman/listinfo/bsd-india
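
An added example, not part of the original thread and not the code of sleezeball.c: bounded forms of the two calls the linker warned about, each reporting truncation instead of writing past the buffer. The function signatures, the date format, and the names bounded_copy and log_msg are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper with strlcpy() semantics for libcs that lack it; on
 * OpenBSD call strlcpy() itself. Returns strlen(src); >= dstsize = truncated. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';          /* always NUL-terminated, unlike strncpy() */
    }
    return srclen;
}

/* Assumed shape of a get_date() that takes the destination size instead of
 * trusting strcpy(). Returns 0 on success, -1 if the date does not fit. */
int get_date(char *out, size_t outsize, time_t when)
{
    char stamp[32];
    struct tm *tmv = gmtime(&when);
    if (tmv == NULL || strftime(stamp, sizeof stamp, "%Y-%m-%d %H:%M:%S", tmv) == 0)
        return -1;
    return bounded_copy(out, stamp, outsize) >= outsize ? -1 : 0;
}

/* Assumed logger using vsnprintf() in place of vsprintf(). Named log_msg since
 * log() is a compiler built-in. Returns 0, or -1 on error or truncation. */
int log_msg(char *buf, size_t bufsize, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, bufsize, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= bufsize) ? -1 : 0;
}

int main(void)
{
    char date[20], line[64];    /* constructed sample buffers */
    if (get_date(date, sizeof date, (time_t)0) == 0 &&
        log_msg(line, sizeof line, "[%s] %s", date, "started") == 0)
        puts(line);
    return 0;
}
```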
