Slashdot Mirror


String Cleanup Results On OpenBSD

Dan writes "OpenBSD's Theo de Raadt provides an update on his team's efforts to remove potential buffer overflows within OpenBSD code by always calculating what the bounds of an operation are. They have been going through the source tree cleaning out all calls to sprintf(), strcpy(), and strcat(). Theo says that they have removed (replaced) approximately 2000 occurrences of these functions." (The same buffer overrun-squashing effort was mentioned earlier this month.)
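To illustrate what "always calculating the bounds of an operation" means for the three functions named in the story, here is an added example (not from the original post and not OpenBSD's code). The helper names are hypothetical; it uses only standard C `snprintf()` and `memchr()` and reports truncation instead of writing past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (names are this example's, not OpenBSD's).
 * Each takes the full size of the destination and returns 0 on success
 * or -1 if the result would not fit; nothing is written past the buffer. */

/* Bounded replacement for strcpy(dst, src). */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    int n;

    if (dstsize == 0)
        return -1;
    n = snprintf(dst, dstsize, "%s", src);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

/* Bounded replacement for strcat(dst, src). */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t used, room;
    int n;

    if (end == NULL)            /* dst not terminated inside its buffer */
        return -1;
    used = (size_t)(end - dst);
    room = dstsize - used;      /* bytes left, including the NUL */
    n = snprintf(dst + used, room, "%s", src);
    return (n < 0 || (size_t)n >= room) ? -1 : 0;
}

/* Bounded replacement for sprintf(out, "%s/%s", dir, name). */
int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    int n = snprintf(out, outsize, "%s/%s", dir, name);

    return (n < 0 || (size_t)n >= outsize) ? -1 : 0;
}

int main(void)
{
    char buf[8];                /* constructed sample: deliberately small */

    printf("%d\n", build_path(buf, sizeof buf, "/etc", "pw"));
    printf("%d\n", build_path(buf, sizeof buf, "/etc", "passwd"));
    return 0;
}
```

Callers must check the return value: a silently truncated path or command string can itself be a security bug even though no memory is overwritten.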


  1. OpenBSD by duffbeer703 · · Score: 1, Troll

    These guys have been claiming to be super-secure and constantly performing security audits on the OpenBSD code for years.

    Yet they've launched a major effort to clean up 2,000 unsafe string functions in the last two months...

    What has Theo been doing all this time other than being an obnoxious prima donna and re-writing packet filters because of some minor squabble?

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK