This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Wish for 2002


Dear glibc maintainer,

I'm trying to review some code for its security.
One of the impediments is the portability of strlcat and strlcpy in
glibc.


- Strlcat & strlcpy were presented by Todd Miller/Theo de Raadt at the
1999 USENIX Annual Technical Conference
http://www.usenix.org/events/usenix99/millert.html

- Currently *BSD distributions have strl* functions implemented.

- Currently OpenSSH has to provide strl* functions from OpenBSD.
And OpenSSH is used in most *Linux (* includes GNU/) distributions.

- Currently rsync under GNU GPL is defining strl* functions.

- Currently best current practices do recommend strl* where appropriate
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/library-c.html

- Similar requests were posted to various GNU lists:
http://mail.gnome.org/archives/gtk-devel-list/2000-May/msg00029.html
http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html

- Todd Miller is available as far as code licensing terms are concerned.

Could you reconsider including strl* functions for those who wish to
deprecate some str* functions in their security code
in a portable fashion?


With my best regards,
--FL, CISSP

