Slashdot Mirror

← Back to Stories (view on slashdot.org)

String Cleanup Results On OpenBSD

Posted by timothy on Tuesday April 22, 2003 @02:17AM from the theo-apologizes-for-a-pun dept.

Dan writes "OpenBSD's Theo De Raadt provides an update on his team's efforts to remove potential buffer overflows within OpenBSD code by always calculating what the bounds of an operation are. They have been going through the source tree cleaning out all calls to sprintf(), strcpy(), and strcat(). Theo says that they have removed (replaced) approximately 2000 occurences of these functions." (The same buffer overrun-squashing effort was mentioned earlier this month.)

1 of 53 comments (clear)

Min score:

Reason:

Sort:

Re:OpenBSD by duffbeer703 · 2003-04-22 05:12 · Score: 1, Flamebait

According to Theo, the OpenBSD team is continuously auditing OpenBSD code. Is Theo re-writing grep because he has an issue with whomever wrote it thirty years ago?

Unchecked string problems have been known since the standard C libraries came out. I first heard about them around 1995.

All I'm trying to say is that OpenBSD would be a much more secure system if Theo spent more time working on it rather than grandstanding.

--
Conformity is the jailer of freedom and enemy of growth. -JFK