On Thu, 08 Jul 1999, Falk Hueffner wrote:
>Jeff Licquia <[EMAIL PROTECTED]> writes:
>> Please accommodate this paranoid, if you would...
>>
>> snprintf() is better than sprintf(), both for reliability and for
>> security reasons. snprintf() takes a length parameter, and will not
>> fill the buffer past its end. Using sprintf() (and strcat() for that
>> matter, and all manner of other string functions) in setuid and
>> root-owned processes is the #1 cause of security problems under both
>> Unix and NT.
>>
>> Yes, this use of sprintf() is likely OK, since you control the one
>> variable used. And perhaps this won't be root-owned or setuid in
>> normal circumstances. Still, it's a good habit to get into.
>
>Unfortunately, snprintf is a GNU extension and not generally available
>on other Unixen. So I wouldn't use it without shipping the function
>with the source (some projects do this).

MS Visual C++ has it...

--
She says "This, is the real thing, coz you're never gonna find the door"
I'm on my way.
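
The length-limited formatting discussed in this thread, as an added example that is not part of any of the posts: a small wrapper around vsnprintf() that always terminates the buffer and reports truncation as an error instead of silently returning a shortened string. The names fmt_checked and build_path and the sample paths are hypothetical, and a libc that provides vsnprintf() is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded formatting helper (hypothetical name, added example).
 * Returns 0 if the whole string fit, -1 if it was truncated or a
 * formatting error occurred. dst is NUL-terminated whenever cap > 0. */
static int fmt_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);

    /* Some pre-C99 implementations leave the buffer unterminated on
     * truncation, so terminate unconditionally. */
    dst[cap - 1] = '\0';

    /* C99: n is the length the full output would have had.
     * Older implementations return a negative value on truncation. */
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return 0;
}

/* Constructed sample use: join a directory and a file name. */
static int build_path(char *dst, size_t cap, const char *dir, const char *name)
{
    return fmt_checked(dst, cap, "%s/%s", dir, name);
}

int main(void)
{
    char buf[16];

    if (build_path(buf, sizeof buf, "/tmp", "report.txt") == 0)
        printf("ok: %s\n", buf);
    if (build_path(buf, sizeof buf, "/var/spool/mail", "somebody") != 0)
        printf("rejected, buffer holds: \"%s\"\n", buf);
    return 0;
}
```

Checking the return value matters as much as the length argument: a truncated path or command string that is used anyway is still a bug, just not a memory-corruption one.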