This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: [open-source] Re: Wish for 2002 ...
- From: Henry Spencer <henry at spsystems dot net>
- To: "Martin v. Loewis" <martin at v dot loewis dot de>
- Cc: leclerc at austin dot sns dot slb dot com, kaz at ashi dot footprints dot net, security-audit at ferret dot lmh dot ox dot ac dot uk, a dot josey at opengroup dot org, tiemann at redhat dot com, libc-alpha at sources dot redhat dot com, open-source at csl dot sri dot com
- Date: Thu, 10 Jan 2002 18:20:06 -0500 (EST)
- Subject: Re: [open-source] Re: Wish for 2002 ...
On Thu, 10 Jan 2002, Martin v. Loewis wrote:
> > In this proposed statement, I try to express that:
> > -There is still doubt in the mind of the GNU libc maintainers of
> > the security benefits provided by strlcat & strlcpy.
>
> What about Kaz' objection that the semantics of these functions is not
> clearly defined?
It is lamentable that there has been some divergence, but that doesn't
mean one has to freeze, paralyzed with indecision, and do nothing. The
original Usenix paper, which in the absence of formal standardization is
the closest thing we have to a standard, specified the semantics in some
detail; is there a question it does not answer?
Henry Spencer
henry@spsystems.net