the unix leave command
Ian Malone
ibmalone at gmail.com
Sun Jul 20 20:58:04 UTC 2014
On 20 July 2014 18:44, JD <jd1008 at gmail.com> wrote:
> On Sun, Jul 20, 2014 at 5:37 AM, Ian Malone <ibmalone at gmail.com> wrote:
> >
> > On 20 July 2014 05:59, Ed Greshko <ed.greshko at greshko.com> wrote:
> > > On 07/20/14 12:21, Cameron Simpson wrote:
> > >> On 19Jul2014 19:08, JD <jd1008 at gmail.com> wrote:
> > >>> is there an analog for it in Linux?
> > >>
> > >> More context?
> > >
> > >
> > > I had to look it up to find the FreeBSD man-page.
> > >
> > > The leave utility waits until the specified time, then reminds you
> that you have to leave. You are reminded 5 minutes and 1 minute before the
> actual time, at the time, and every minute thereafter. When you log off,
> leave exits just before it would have printed the next message.
> > >
> >
> > It's a very hard command name to search for, but I don't think it's
> > normally packaged for Linux. However it's basically a single file in
> > the BSD tree which seems to compile and run okay under Linux, if you
> > go to:
> > https://svnweb.freebsd.org/base/head/usr.bin/leave/
> > You can open leave.c then select download.
> > Remove or comment line 42: __FBSDID("$FreeBSDquot;);
>
> > Then compile and enjoy your somewhat annoying reminder utility.
> >
> Thanx Ian.
> That version, although dated, is the one that
> does not use the buffer overflow func calls puts, and fputs.
> It uses the write system call.
>
>
> To be honest I didn't check the code, but figured the most up to date
FreeBSD would be the best choice. NetBSD's original version also uses write
and the original commits in 1993/1994 used write. Current NetBSD appears to
use puts.
I'd add fputs is not a buffer overflow risk. It is potentially a buffer
over-read risk and using write in itself does not particularly protect you
(indeed, heartbleed was caused by passing an unchecked read length, not an
unterminated string). In these cases puts is used on a constant string
defined in the source, which is no better or worse than the original
approach of #define-ing the string and using sizeof MSG - 1 to get the
length for write.
--
imalone
http://ibmalone.blogspot.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140720/9b655c4e/attachment.html>
More information about the users
mailing list