It's common security knowledge that gets() is unsafe. It has
no bounds checking. I only talk about security and
ease of use. It's the only thing I like to talk about.
:)

I love security.

from my manpages -- SECURITY CONSIDERATIONS

     The gets() function cannot be used securely.  Because of its lack of
     bounds checking, and the inability for the calling program to reliably
     determine the length of the next incoming line, the use of this function
     enables malicious users to arbitrarily change a running program's func-
     tionality through a buffer overflow attack.


---------

There are many other insecure function calls. The
knowledge of how to use them properly is very nice to
have, which most people lack. Also, using printf() for
certain types of usage can lead to exploits: buffer
overflow problems, etc.

btw, I am a BSD dragon. So expect to get information
like this from me ;)

I bite, be careful

--David Ross

--- Mikael Brockman <mikael / phubuh.org> wrote:

> David Ross <drossruby / yahoo.com> writes:
> 
> > Yes, that is the 20 million story. I smile at that one
> > still. Someone please fwap() me if I ever make a
> > release with a bug like that :)
> > 
> > It is equally important in any language that mistakes
> > are not made like this. They are very dangerous. I am
> > curious on the print functions in Ruby as to if the
> > ones that are unsafe to use in certain applications
> > are equally unsafe in Ruby. Of course gets() is
> > unsafe, it is in every language.
> 
> Huh?  Why?
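The manpage text quoted above says why gets() cannot be used safely: the callee has no idea how big the caller's buffer is. The following is an added example (not code from the thread or from any of the posters) showing the bounded replacement a C programmer would use instead, including the case the manpage warns about, a line longer than the buffer. The function names, the 16-byte buffer and the sample input are all constructed for this illustration; fmemopen() is used only to feed that constructed input as a FILE*.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Bounded line reader replacing gets(). Reads at most size-1 bytes with
 * fgets(), strips the newline and reports what happened:
 *   1 = complete line read,
 *   2 = line was longer than the buffer; the excess was discarded so the
 *       next call starts at the next line instead of the leftover bytes,
 *   0 = end of input, nothing read (buf is set to ""). */
int read_line_bounded(FILE *in, char *buf, size_t size) {
    if (size == 0 || fgets(buf, (int)size, in) == NULL) {
        if (size) buf[0] = '\0';
        return 0;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    if (feof(in)) return 1;      /* last line had no trailing newline */
    int c;                        /* drain the rest of the over-long line */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 2;
}

/* Constructed input: a short line, a line that overflows a 16-byte buffer,
 * and a final line with no newline. Returns the return codes as digits. */
int demo_return_codes(void) {
    char input[] = "short\nthis line is far too long for the buffer\nend";
    FILE *in = fmemopen(input, strlen(input), "r");
    char buf[16];
    int codes = 0;
    for (int i = 0; i < 4; i++)
        codes = codes * 10 + read_line_bounded(in, buf, sizeof buf);
    fclose(in);
    return codes;                 /* 1210: ok, truncated, ok, EOF */
}

/* What the buffer holds after the over-long line: only the first 15 bytes,
 * always NUL-terminated, never a byte past the end of buf. */
const char *demo_truncated_text(void) {
    static char buf[16];
    char input[] = "this line is far too long for the buffer\n";
    FILE *in = fmemopen(input, strlen(input), "r");
    read_line_bounded(in, buf, sizeof buf);
    fclose(in);
    return buf;
}
```

The same discipline applies to the printf() point in the post: user-supplied text goes in as an argument (`printf("%s", buf)`), never as the format string itself.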