On Sun, Mar 04, 2012 at 10:31:01PM +0000, David Laight wrote:
 > > > That could be used as a compile-time substitute when the buffer
 > > > size is known - ie when 'sizeof buffer != sizeof (char *)'
 > >
 > > I don't think that makes too much sense. If you want to read a full
 > > line, use getline. If you don't, loop with fgets until the full line is
 > > read.
 >
 > I was thinking of a header file fix to allow code to compile
 > without changing the source and with minimal 'security' issues.

Every program that matters was patched 20+ years ago. It is a nonissue.

(BTW, the reason it's hard to check pkgsrc is not that you can't tell
if an executable uses gets; nm will do that. It's that you have to
unpack all the output packages to inspect them. Or unpack all the
sources. It's much easier to just run a build in a modified chroot.)

-- 
David A. Holland
dholl...@netbsd.org
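
The "loop with fgets until the full line is read" replacement for gets mentioned in the quoted text, written out as an added example; it is not code from this thread or from NetBSD. The names `read_full_line` and `stream_from_string` and the sample input are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one full line of any length by looping over fgets(). Returns a
 * malloc'd string without the trailing newline; NULL on EOF with no data,
 * read error or allocation failure. Embedded NUL bytes are not handled. */
char *read_full_line(FILE *fp)
{
    size_t cap = 16, len = 0;   /* small start so the growth path runs */
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    while (fgets(buf + len, (int)(cap - len), fp) != NULL) {
        len += strlen(buf + len);
        if (len > 0 && buf[len - 1] == '\n') {  /* the whole line is in */
            buf[len - 1] = '\0';
            return buf;
        }
        if (len + 1 == cap) {   /* buffer full, line continues: grow it */
            char *tmp = (cap > (size_t)INT_MAX / 2) ? NULL : realloc(buf, cap * 2);
            if (tmp == NULL) { free(buf); return NULL; }
            buf = tmp;
            cap *= 2;
        }
    }
    if (len == 0 || ferror(fp)) { free(buf); return NULL; }
    return buf;                 /* last line had no trailing newline */
}

FILE *stream_from_string(const char *s)   /* constructed sample input */
{
    FILE *fp = tmpfile();
    if (fp != NULL && fputs(s, fp) != EOF)
        rewind(fp);
    return fp;
}

int main(void)
{
    FILE *fp = stream_from_string("short\na line longer than sixteen bytes\nno newline");
    char *line;
    while (fp != NULL && (line = read_full_line(fp)) != NULL) {
        puts(line);
        free(line);
    }
    return 0;
}
```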