This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Wish for 2002
- From: Francois Leclerc <leclerc at austin dot sns dot slb dot com>
- To: libc-alpha at sources dot redhat dot com
- Cc: todd dot miller at courtesan dot com, open-source at csl dot sri dot com
- Date: Wed, 02 Jan 2002 18:02:33 -0600
- Subject: Wish for 2002
- Organization: Schlumberger
Dear glibc maintainer,
I'm trying to review some code for its security.
One of the impediment is the portability of strlcat and strlcpy in
glibc.
- Strlcat & strlcpy were presented by Todd Miller/Theo de Raadt in the
1999 USENIX Annual Technical Conference
http://www.usenix.org/events/usenix99/millert.html
-Currently *BSD distributions have strl* functions implemented.
-Currently OpenSSH has to provide strl* functions from OpenBSD.
And OpenSSH is used in most *Linux ( * includes GNU/) distributions.
-Currently rsync under GNU GPL is defining strl* functions.
-Currently Best current practices do recommend strl* where apropriate
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/library-c.html
-Similar requests were posted to various GNU lists:
http://mail.gnome.org/archives/gtk-devel-list/2000-May/msg00029.html
http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html
-Todd Miller is available as for code licensing terms are concerned.
Could you reconsider including strl* functions for those who wish to
deprecate some str* functions in their security code
in a portable fashion ?
With my best regards,
--FL, CISSP