Bugtraq mailing list archives

Re: ftpd and setproctitle()


From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sat, 8 Jul 2000 20:53:42 +0200


On Fri, 7 Jul 2000, D. J. Bernstein wrote:

> Move gets() to /usr/lib/libbugpronestandards.a.

A sufficiently recent version of glibc with a sufficiently recent version
of ld from GNU binutils will print an annoying message when you ask it to
link a program using gets() (and perhaps other functions considered
dangerous).

> For several years I've been systematically identifying and redesigning
> bug-prone interfaces. I don't have any more memory leaks, for example,
> because I'm now using memory-allocation interfaces where leaks are more
> difficult to write than correct code.

Can you enlighten us, please? You certainly do not speak about alloc() and
alloc_free() (more or less wrappers for standard malloc() and free() for
those who have never seen any DJB code). Avoiding complex data structures
(esp. if their lifespan is not global) and making programs small so they
can die whenever something wrong happens (letting the kernel builtin
"garbage collector" clean up) is more a matter of style than of an
interface. Perhaps you speak about your stralloc stuff?

> In 1996, when I identified the flaw under discussion in setproctitle()
> et al., I worked out several solutions. Simplest was to make sure that
> typical strings fail miserably as format strings. Replace setproctitle()
> with a setproctitlex() that

The simplest solution for setproctitle() is to get rid of that function
completely. It is next to useless and its careless use can lead to a
serious information leakage: once upon a time, one in.ftpd used to publish
PASS command together with its argument (i.e. the password).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
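
Added example, not part of the original message or of any ftpd source: one way a daemon can build a process title so that client text is never used as a format string and the PASS argument is never published. The function names `is_pass`, `sanitize_command` and `build_title`, the host name and the sample command lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* True if the line starts with the FTP verb PASS (any case) as a whole word. */
static int is_pass(const char *s)
{
    return toupper((unsigned char)s[0]) == 'P' &&
           toupper((unsigned char)s[1]) == 'A' &&
           toupper((unsigned char)s[2]) == 'S' &&
           toupper((unsigned char)s[3]) == 'S' &&
           (s[4] == ' ' || s[4] == '\r' || s[4] == '\n' || s[4] == '\0');
}

/* Copy a client command line into out in a form fit for a process title:
 * PASS argument hidden, CR/LF dropped, non-printable bytes replaced by '?'.
 * Returns the number of bytes written, not counting the terminator. */
size_t sanitize_command(char *out, size_t outlen, const char *line)
{
    size_t n = 0;
    if (outlen == 0)
        return 0;
    if (is_pass(line))
        line = "PASS (hidden)";
    for (; *line && *line != '\r' && *line != '\n' && n + 1 < outlen; line++)
        out[n++] = isprint((unsigned char)*line) ? *line : '?';
    out[n] = '\0';
    return n;
}

/* Build the title text. The format is a constant; client-supplied text is
 * only ever a %s argument. On a BSD system the result would be handed on
 * the same way: setproctitle("%s", title), never setproctitle(title). */
int build_title(char *out, size_t outlen, const char *host, const char *line)
{
    char cmd[64];
    sanitize_command(cmd, sizeof cmd, line);
    return snprintf(out, outlen, "%s: %s", host, cmd);
}

int main(void)
{
    char t[128];
    build_title(t, sizeof t, "client.example", "PASS hunter2\r\n");
    puts(t);                      /* password does not appear */
    build_title(t, sizeof t, "client.example", "CWD %x%x%n\r\n");
    puts(t);                      /* directives are copied as plain data */
    return 0;
}
```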

