Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!haven!adm!xadmx!jb@cs.brown.edu
From: jb@cs.brown.edu
Newsgroups: comp.unix.wizards
Subject: Re: Implications of recent virus (Trojan Horse) attack
Message-ID: <17580@adm.BRL.MIL>
Date: 18 Nov 88 12:16:02 GMT
Sender: news@adm.BRL.MIL
Lines: 20

There are a couple other points where problems similar to gets() overflowing its buffer might arise. Normal usage of scanf() and fscanf() can lead to the same problem if trying to read a string in from someplace. It is easy to specify the buffer size in the format, but I have rarely seen this done.

For setuid programs, curses leaves this same type of hole open with several of its input routines. There are routines like both gets() and scanf().

The issue of strcpy() and sprintf() can be worked around, but read code that uses them and you will find that most programmers do not put all the careful checks to make sure that the buffer is not overrun.

Maybe a good reminder of this problem is needed to get people to clean up.

Jim Bloom
Brown University
jb@cs.brown.edu
uunet!brunix!jb
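The bounded-format point above, as an added example that is not part of the original post: the unbounded `"%s"` read is shown only for contrast beside the form that spells the width in the format, and `copy_bounded()` is the checked stand-in for strcpy()/sprintf() the post says is rarely written. The buffer size (`NAME_WIDTH`, `NAME_LEN`) and all inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_WIDTH 15                    /* most characters a field may hold (assumed) */
#define NAME_LEN   (NAME_WIDTH + 1)      /* plus the terminating NUL */
#define STR_(x) #x
#define STR(x) STR_(x)                   /* turns NAME_WIDTH into the string "15" */

/* The pattern the post warns about: "%s" carries no width, so sscanf()
 * stores as many bytes as the input supplies. With a hostile token this
 * overruns out[] exactly the way gets() does. Kept only for contrast. */
int read_word_unbounded(const char *input, char out[NAME_LEN])
{
    return sscanf(input, "%s", out);     /* unsafe: no bound on the write */
}

/* Bounded form: the width is spelled in the format and derived from the
 * buffer size, so the two cannot drift apart. Returns 1 if a word was read. */
int read_word_bounded(const char *input, char out[NAME_LEN])
{
    return sscanf(input, "%" STR(NAME_WIDTH) "s", out);
}

/* Reads one word into a NAME_LEN buffer with the bounded format and returns
 * how many characters were stored; the result can never exceed NAME_WIDTH. */
size_t stored_word_len(const char *input)
{
    char buf[NAME_LEN];
    memset(buf, 0, sizeof buf);
    if (read_word_bounded(input, buf) != 1)
        return 0;
    return strlen(buf);
}

/* Bounded stand-in for strcpy()/sprintf() into a fixed buffer: snprintf()
 * never writes past len bytes and reports the length the whole string would
 * need, so truncation is detected instead of silently overrunning dst.
 * Returns 0 on success, 1 if src was truncated, -1 on bad arguments. */
int copy_bounded(char *dst, size_t len, const char *src)
{
    int n;
    if (dst == NULL || src == NULL || len == 0)
        return -1;
    n = snprintf(dst, len, "%s", src);
    return (n < 0 || (size_t)n >= len) ? 1 : 0;
}
```

On short input both sscanf() forms behave identically, which is why the missing width goes unnoticed in testing; only the bounded form stays within the buffer when the token is longer than NAME_WIDTH.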