Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!quintus!ok
From: ok@quintus.uucp (Richard A. O'Keefe)
Newsgroups: comp.lang.c
Subject: Re: retiring gets(3)
Message-ID: <682@quintus.UUCP>
Date: 16 Nov 88 02:03:44 GMT
References: <1988Nov14.220842.3980@utstat.uucp>
Sender: news@quintus.UUCP
Reply-To: ok@quintus.UUCP (Richard A. O'Keefe)
Organization: Quintus Computer Systems, Inc.
Lines: 12

In article <1988Nov14.220842.3980@utstat.uucp> geoff@utstat.uucp (Geoff Collyer) writes:
>Any program which uses gets(3) can be corrupted by giving it a
>long-enough input line.  There is no protection possible against such an
>attack

There is a false assumption in this, namely that an attacker can control
the input to every program.  If I have a program which _only_ I have
permision to execute, and I _always_ use it in a pipeline (or in a
command script), and the preceding program in the pipeline (or script)
always generates sufficiently short lines, it is safe to use gets().
The input to such a program is _every_ bit as much under my control as
the source argument of strcpy().