retiring gets(3)

Geoff Collyer geoff at utstat.uucp
Tue Nov 8 15:48:45 AEST 1988


The recent exposure of the security bug in the 4BSD fingerd caused by
use of gets(3) reminded me that gets is a bug waiting to happen and
should be stamped out.  I have deleted gets from my stdio implementation
(my first ANSI incompatibility!), the folks at Bell Labs Research have
deleted gets from their C library, now it's your turn.  We need to get
the next ANSI C standard, the relevant POSIX standard(s), the next
edition of the SVID, the next System V, the next 4BSD, the next SunOS
and the next release from your favourite C vendor to delete gets.  Let
your vendor know that you want to see gets deleted from its next
release, delete gets.o from your C library, move gets.o to -lgets,
define gets(s) as "gets is unsafe; use fgets(3)"<><><> in your stdio.h;
do whatever you can to help.

If your vendor protests your reasonable request, point out that gets,
as part of stdio, is a decade-old backward compatibility hack for
compatibility with the Sixth Edition UNIX Portable I/O Library, which
was utterly replaced by stdio no later than 1979.  Accept no excuses;
converting programs from using gets to fgets is largely mechanical,
and stripping trailing newlines is trivial to code yourself.

With your help, we can stamp out gets in our lifetimes.
-- 
Geoff Collyer	utzoo!utstat!geoff, geoff at utstat.toronto.edu
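
The mechanical gets-to-fgets conversion mentioned in the post, including the newline stripping, as an added example that is not part of the original post or of any library it names. The function name read_line and its return convention are assumptions made for illustration; it also discards the tail of an over-long line so the next call starts on a fresh line.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/*
 * read_line (hypothetical name): bounded stand-in for gets(3).
 * Reads one line from fp into buf, which holds `size` bytes, and strips
 * the trailing newline, as gets did.
 * Returns  1  a whole line was stored
 *          0  the line did not fit; buf holds the first size-1 bytes and
 *             the remainder of that line has been read and discarded
 *         -1  EOF or read error with nothing stored, or bad arguments
 * Input containing NUL bytes is cut short by strlen; this sketch does not
 * try to handle that case.
 */
int read_line(char *buf, size_t size, FILE *fp)
{
    size_t len;
    int c, truncated = 0;

    if (buf == NULL || size < 2 || size > INT_MAX)
        return -1;
    if (fgets(buf, (int)size, fp) == NULL)   /* never writes past size */
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* normal case: strip newline */
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline stored: either the input ended without one, the line
     * filled the buffer exactly, or the line is too long. Consume up to
     * the end of the line and note whether any data was thrown away. */
    while ((c = getc(fp)) != EOF && c != '\n')
        truncated = 1;
    return truncated ? 0 : 1;
}

int main(void)
{
    char line[16];   /* deliberately small so truncation is easy to see */
    int r;

    while ((r = read_line(line, sizeof line, stdin)) != -1)
        printf("%s%s\n", line, r == 0 ? "  [truncated]" : "");
    return 0;
}
```

A caller that must not act on partial input should treat a return of 0 as an error rather than use the truncated buffer.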


