On 20 July 2014 18:44, JD <jd1008@xxxxxxxxx> wrote:
> On Sun, Jul 20, 2014 at 5:37 AM, Ian Malone <ibmalone@xxxxxxxxx> wrote:
> > Remove or comment line 42: __FBSDID("$FreeBSD$");
> >
> > On 20 July 2014 05:59, Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote:
> > > On 07/20/14 12:21, Cameron Simpson wrote:
> > >> On 19Jul2014 19:08, JD <jd1008@xxxxxxxxx> wrote:
> > >>> is there an analog for it in Linux?
> > >>
> > >> More context?
> > >
> > >
> > > I had to look it up to find the FreeBSD man-page.
> > >
> > > The leave utility waits until the specified time, then reminds you that you have to leave. You are reminded 5 minutes and 1 minute before the actual time, at the time, and every minute thereafter. When you log off, leave exits just before it would have printed the next message.
> > >
> >
> > It's a very hard command name to search for, but I don't think it's
> > normally packaged for Linux. However it's basically a single file in
> > the BSD tree which seems to compile and run okay under Linux, if you
> > go to:
> > https://svnweb.freebsd.org/base/head/usr.bin/leave/
> > You can open leave.c then select download.
>
> Thanx Ian.
>
> > Then compile and enjoy your somewhat annoying reminder utility.
> >
> That version, although dated, is the one that
> does not use the buffer overflow func calls puts, and fputs.
> It uses the write system call.

To be honest I didn't check the code, but figured the most up to date FreeBSD would be the best choice. NetBSD's original version also uses write and the original commits in 1993/1994 used write. Current NetBSD appears to use puts.
I'd add fputs is not a buffer overflow risk. It is potentially a buffer over-read risk and using write in itself does not particularly protect you (indeed, Heartbleed was caused by passing an unchecked read length, not an unterminated string). In these cases puts is used on a constant string defined in the source, which is no better or worse than the original approach of #define-ing the string and using sizeof MSG - 1 to get the length for write.
--
imalone
http://ibmalone.blogspot.co.uk
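The comparison made in the reply above, as an added C example that is not taken from leave.c or from any poster in this thread: for a source constant, write with sizeof MSG - 1 and fputs emit identical bytes, and for non-constant data the protection comes from checking the length against the buffer, not from the choice of call. The message text and all function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed message; sizeof counts the NUL, so sizeof MSG - 1 is the payload. */
#define MSG "Time to leave!\n"

/* write(2) style: length fixed at compile time from a source constant. */
ssize_t emit_with_write(int fd) {
    return write(fd, MSG, sizeof MSG - 1);
}

/* fputs(3) style: length found by scanning the same constant for its NUL. */
ssize_t emit_with_fputs(FILE *fp) {
    if (fputs(MSG, fp) == EOF || fflush(fp) == EOF) return -1;
    return (ssize_t)strlen(MSG);
}

/* Round-trip both emitters through a pipe; 1 if the bytes are identical. */
int outputs_match(void) {
    int p[2];
    char a[64], b[64];
    if (pipe(p) != 0) return -1;
    ssize_t na = emit_with_write(p[1]);
    if (na < 0 || read(p[0], a, sizeof a) != na) return -1;
    FILE *fp = fdopen(p[1], "w");
    if (!fp) return -1;
    ssize_t nb = emit_with_fputs(fp);
    if (nb < 0 || read(p[0], b, sizeof b) != nb) return -1;
    fclose(fp);
    close(p[0]);
    return na == nb && memcmp(a, b, (size_t)na) == 0;
}

/* For data that is not a source constant: trust neither the terminator
 * (the fputs failure mode) nor the requested length (the write failure mode). */
ssize_t bounded_emit(int fd, const char *buf, size_t buf_size, size_t want) {
    if (want > buf_size) return -1;            /* would read past the buffer */
    const char *nul = memchr(buf, '\0', want); /* stop at a NUL if one exists */
    size_t n = nul ? (size_t)(nul - buf) : want;
    return write(fd, buf, n);
}

int main(void) {
    printf("write and fputs emit identical bytes: %d\n", outputs_match());
    return 0;
}
```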