0336454503
This program has 10 calls to gets(3) according to grep(1). That
makes it a very unsafe program which should not be used at all.
Let's kill the program already.
See what gets(3) has to say:
SYNOPSIS
#include <stdio.h>
[[deprecated]] char *gets(char *s);
DESCRIPTION
Never use this function.
...
BUGS
Never use gets(). Because it is impossible to tell with‐
out knowing the data in advance how many characters
gets() will read, and because gets() will continue to
store characters past the end of the buffer, it is ex‐
tremely dangerous to use. It has been used to break com‐
puter security. Use fgets() instead.
For more information, see CWE‐242 (aka "Use of Inherently
Dangerous Function") at http://cwe.mitre.org/data/defini‐
tions/242.html
Acked-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
||
|---|---|---|
| .. | ||
| adduser2.sh | ||
| adduser.c | ||
| adduser.sh | ||
| atudel | ||
| groupmems.shar | ||
| Makefile.am | ||
| pwdauth.c | ||
| README | ||
| shadow-anonftp.patch | ||
| udbachk.tgz | ||
People keep sending various adduser programs and scripts... They are all in this directory. I haven't tested them, use at your own risk. Anyway, the best one I've seen so far is adduser-3.x from Debian. atudel is a perl script to remove at jobs owned by the specified user (atrm in at-2.9 for Linux can't do that). udbachk.tgz is a passwd/group/shadow file integrity checker. --marekm