C Community's Cavalier Attitude On Software Reliability
Eric S. Raymond
eric at snark.uu.net
Wed Mar 7 00:45:10 AEST 1990
In <16085 at haddock.ima.isc.com> Karl Heuer wrote:
> In article <8230 at hubcap.clemson.edu> billwolf%hazel.cs.clemson.edu at hubcap.clemson.edu writes:
> > 1) Unix. (Example: the problem in which the double-length password
> > was used by an intruder to bypass security, taking
> > advantage of C's lack of boundary checking)
>
> Every instance that I can think of where a password is required, getpass() is
> used. This routine does its own bounds-checking. I don't suppose you have
> any more data about this incident?
This sounds like a somewhat garbled description of a known hole in SunOS. As
Sun still hasn't fixed it, I shall say no more about it here. E-mail inquiries
from root or anyone whose name I can instantly recognize as a Good Guy will be
answered in more detail.
--
Eric S. Raymond = eric at snark.uu.net (mad mastermind of TMN-Netnews)