Xref: utzoo comp.lang.c:26568 comp.software-eng:3058
Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!snorkelwacker!spdcc!ima!haddock!karl
From: karl@haddock.ima.isc.com (Karl Heuer)
Newsgroups: comp.lang.c,comp.software-eng
Subject: Re: C Community's Cavalier Attitude On Software Reliability
Message-ID: <16085@haddock.ima.isc.com>
Date: 5 Mar 90 03:07:18 GMT
References: <802@xyzzy.UUCP> <8230@hubcap.clemson.edu>
Reply-To: karl@haddock.ima.isc.com (Karl Heuer)
Organization: Interactive Systems, Cambridge, MA 02138-5302
Lines: 10

In article <8230@hubcap.clemson.edu> billwolf%hazel.cs.clemson.edu@hubcap.clemson.edu writes:
>   1) Unix.  (Example: the problem in which the double-length password
>      was used by an intruder to bypass security, taking
>      advantage of C's lack of boundary checking)

Every instance that I can think of where a password is required, getpass() is
used.  This routine does its own bounds-checking.  I don't suppose you have any
more data about this incident?

Karl W. Z. Heuer (karl@ima.ima.isc.com or harvard!ima!karl), The Walking Lint