cvs commit: src/lib/libc/gen check_utility_compat.c confstr.c fmtmsg.c getgrent.c getpwent.c src/lib/libc/include namespace.h un-namespace.h src/lib/libc/locale setlocale.c src/lib/libc/net getaddrinfo.c gethostbydns.c getnameinfo.c hesiod.c ...

David O'Brien dev-null at NUXI.com
Wed Apr 30 07:42:10 PDT 2003


On Tue, Apr 29, 2003 at 10:18:56PM -0500, Jacques A. Vidrine wrote:
> I chose to hide strlcpy/strlcat anyway because I am far from certain
> that qpopper is the only application supplying its own (working or
> not) implementations.  We don't want to call those from within libc,
> ever.  It is too risky.

Why is it "too risky"?  If the software is setuid, LD_LIBRARY_PATH and
LD_PRELOAD won't work.  If it is run with normal user-level privs,
well... there are *plenty* of ways to add "risk".  Foot... gun... pull
trigger...  It is not our place or responsibility to go to these lengths
to protect users.  I strongly don't want to see a lot of libc function
hiding and alternate symbols.

--
-- David  (obrien at FreeBSD.org)

