On Wed, Sep 8, 2010 at 9:15 AM, Rink Springer <[email protected]> wrote: > Hi, > > On Wed, Sep 08, 2010 at 08:51:57AM -0700, [email protected] wrote: >> It seems like a large project, but OTOH sprintf(9) is mighty unsafe in >> the kernel. It's disapproved of for user-space as being unsafe for >> security reasons as well, but the potential downsides aren't the same, >> and we'll never clean up ports anyways. :-) > > Deprecating it may be usable, yet I don't believe we can easily enforce > such a policy [1].
If the kernel sources don't use it then the prototype can be removed. > Have you looked at how many (potentially) unsecure > uses there are in the kernel, to give an idea how useful such an effort > would be? I presume all the kernel uses are safe at the moment, but it's an error prone construction. As of this morning grep found 1277 occurrences of sprintf(9) in sys/ and 23 occurrences of vsprintf(9) in sys/. Thanks, matthew _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[email protected]"
