Even worse (was Re: Google Code Search)

Marvin Humphrey marvin at rectangular.com
Fri Oct 6 15:24:33 BST 2006


On Oct 6, 2006, at 6:57 AM, Andy Armstrong wrote:

> Are you saying /any/ use of gets() is bad? Most of the examples I  
> read on the first two pages don't seem to present much in the way  
> of risk.

No, though the manpage does say just that.  :)  The point was more  
general: maybe the search tool can be used to uncover potential  
vulnerabilities.  If not with gets(), maybe with something else in  
the future.

Marvin Humphrey
Rectangular Research
http://www.rectangular.com/




More information about the london.pm mailing list