This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Time to add strlcpy/strlcat FINALLY
- From: William Park <opengeometry at yahoo dot ca>
- To: libc-alpha at sourceware dot org
- Date: Wed, 13 Aug 2014 23:02:05 -0400
- Subject: Re: Time to add strlcpy/strlcat FINALLY
- References: <E1XHgtz-0001zg-Ct at rmm6prod02 dot runbox dot com> <53EC0C42 dot 9080002 at cs dot ucla dot edu>
On Wed, Aug 13, 2014 at 06:09:22PM -0700, Paul Eggert wrote:
> David A. Wheeler wrote:
> >The general consensus of people who have *studied* how to develop
> >secure software
>
> Long ago, when I looked into the matter by examining the first few instances
> of strlcpy in OpenSSH (this was soon after they rewrote it to use strlcpy),
> the use of strlcpy did not fix any bugs and may have introduced one due to
> silent truncation. This convinced me that strlcpy was not a good way to go
> for its intended application area. And I'll bet my admittedly-brief study
> examined more empirical evidence than the cavalcade of experts you cited.
>
> The argument is not strlcpy versus nothing. It's strlcpy versus reasonable
> alternatives that take the same or less work. These days the alternatives
> are better, so why refight this old battle?

What are the alternatives, though? Everyone criticizes 'strcpy' but
it's included in glibc. But, 'strlcpy' is excluded on the ground that
it's not sufficiently better. Seems to me, someone has sensitive toes.
If it's included, then can you change the names to 'snstrcpy' or
something? For ordinary users, names are more confusing than the
debate.
--
William
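
The silent-truncation concern raised in the quoted text, as an added example that is not part of the original message or of glibc: `demo_strlcpy` is a local stand-in written here with the BSD `strlcpy` semantics (always NUL-terminate, return `strlen(src)`), and the host names and allow-list check are constructed for illustration. It shows a caller that drops the return value next to one that treats `ret >= size` as an error.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in (assumption, not glibc code): copy at most size-1 bytes,
   NUL-terminate when size > 0, return strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Unchecked caller: return value dropped, so truncation goes unnoticed. */
void copy_unchecked(char *dst, size_t size, const char *src)
{
    (void)demo_strlcpy(dst, src, size);
}

/* Checked caller: 0 on success, -1 if src did not fit in dst. */
int copy_checked(char *dst, size_t size, const char *src)
{
    if (demo_strlcpy(dst, src, size) >= size) {
        if (size > 0)
            dst[0] = '\0';          /* leave no truncated value behind */
        return -1;
    }
    return 0;
}

/* Constructed policy check that runs on the copied buffer. */
int is_allowed_host(const char *host)
{
    return strcmp(host, "example.com") == 0;
}

/* The truncated copy equals the allowed name, so the check wrongly passes. */
int truncated_host_passes(void)
{
    char buf[12];                   /* fits "example.com" plus NUL exactly */
    copy_unchecked(buf, sizeof buf, "example.com.other.invalid");
    return is_allowed_host(buf);
}

int main(void)
{
    char buf[12];
    printf("unchecked copy passes allow-list: %d\n", truncated_host_passes());
    printf("checked copy result: %d\n",
           copy_checked(buf, sizeof buf, "example.com.other.invalid"));
    return 0;
}
```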