"Secure coding" audit checkers and Kerberos

John Hascall john at iastate.edu
Wed Oct 15 17:23:54 EDT 2008

> >   2) there are some horrible snprintf's out there,
> >      including ones which do little more than call sprintf!

> What platforms are these on?  I think that we do not want to go to
> extreme lengths working around vulnerabilities in OS C libraries.

See https://BuildSecurityIn.us-cert.gov/daisy/bsi-rules/home/g1/838-BSI.html


More information about the krbdev mailing list