Yes Poettering implemented his own "gets()"... As predicted, #systemd = security disaster. http://goo.gl/J6SBbW http://ewontfix.com/14/
@DavidStrauss @PowerDNS_Bert The change is silently fixing code that was equivalent to gets() that affected #systemd's password-entry.
-
-
@RichFelker@PowerDNS_Bert I see how it's a silent fix now. Is there a standard, non-blocking function that would have been safer? -
@DavidStrauss@PowerDNS_Bert The problem wasn't implementing their own function but making the classic "gets() mistake" when doing it. -
@richfelker@davidstrauss@powerdns_bert Using (an equivalent to) gets() at all is a problem too: http://www.drpaulcarter.com/cs/common-c-errors.php#4.4 … -
@macmark_de@RichFelker@PowerDNS_Bert You missed the point of this conversation. We know gets() is bad. That is why we compared code to it.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.