>> Proper and careful use of dynamic string libraries is in any case >> better than fixed-size buffers; they solve the security problem >> (with overflows) and they do not inhibit functionality, as do >> fixed-size buffers. > These are my thoughts also. Static buffers suck. I supose there is > always the danger of intrducing more bugs due to the relative > complexity of such a dynamic scheme however. Of course. There is also the danger that some bozo will start sending you near-infinite strings, which will cause your server to grow effectively without bound, until it finally runs out of VM and tries to write a many-megabyte core dump. Great denial-of-service fodder. :-) > [...dynamic string library...] Anyone have any thoughts, insites, or > experiences? I'm not sure how close this is, but the FTP daemon on my home box is written not in C, but in a language with a real string datatype. It is somehow very comforting to think that this makes it completely invulnerable to buffer-overflowing attacks. (I think it may even be close to true. :-) As a pleasant side effect, the way this language's getpw* primitives work also makes the daemon invulnerable to the getpwent()-overwriting problem too. (The one corresponding to the attack "USER anonymous" / "CWD ~root" / "PASS someone@somewhere".) On the other hand, it is in my opinion unpleasantly large and slow. Since I'm not running a major archive site and don't have hundreds of FTPers beating down the door to get to my stuff, I don't feel this is a practical problem for me. Of course, I'm open to some denial-of-service attacks, but who isn't? The following should do evil things to just about any site running an FTP server: while (1) { s = socket(AF_INET,SOCK_STREAM,0); to.sin_family = AF_INET; to.sin_addr.s_addr = the internet address of the server; to.sin_port = htons(21); connect(s,&to,sizeof(to)); } But big schmeel; change the port number and it will do likewise to any server that isn't extremely careful about stopping accepting connections when there are too many copies running. Even your echo server, maybe; it might even wedge inetd. der Mouse mouse@collatz.mcrcim.mcgill.edu