Security ... What!?!



[ 2005-February-04 17:12 ]

Security is such a hot topic right now. Unfortunately, people's platform biases frequently stop them from making logical statements. Michael Howard is a security expert at Microsoft, and the author of the excellent book, Writing Secure Code. I came into contact with him indirectly a couple of times while I was working there, and there is no doubt that he knows his stuff. Today on his weblog, he discusses an interesting feature of the new Secure C Runtime being distributed with the next version of Visual Studio. Unfortunately, he makes one slightly misleading comment:

On Windows, this would generally not be a security bug as the code can only run as you. But if this were in an elevated process, such as a setuid root application on Linux, Mac OS X or Unix, then this would be a bad security bug requiring a fix.

I'll give Mr. Howard the benefit of the doubt. I don't think he intentionally means to mislead people. He is completely correct: in this particular example, where the buffer is coming from the command line, it is not a security problem on Windows. However, if that buffer were coming from some other source, such as a file or the Internet, this would be a problem, because a large fraction (99%?) of the users out there are logged in as Administrator, and because most of the daemons run as Administrator or System. Basically, using the old, unsafe string library routines is a security bug on all platforms.
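To make the point about data sources concrete, here is an added example (not code from this post or from Mr. Howard's weblog) that puts the unchecked copy next to a size-checked one applied to a line from an untrusted source. The names `store_name_unsafe`, `copy_checked`, `parse_user_line` and the `user=` record format are hypothetical; `copy_checked` is a portable stand-in for a checked copy routine, not the Secure C Runtime itself.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16  /* constructed buffer size for this example */

/* Unsafe pattern: strcpy trusts src to fit in dst. That holds only while
 * every caller controls src; it stops holding once src comes from a file
 * or a socket. Shown for contrast, never called below. */
void store_name_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hypothetical checked copy: the destination size is a parameter, and a
 * source that does not fit is an error (dst left empty), not an overflow. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = src ? memchr(src, '\0', dst_size) : NULL;
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Parse one "user=<name>" line as it might arrive from a file or the
 * network. Returns 0 and fills name on success, -1 if rejected. */
int parse_user_line(const char *line, char *name, size_t name_size)
{
    static const char key[] = "user=";
    if (strncmp(line, key, sizeof key - 1) != 0)
        return -1;
    return copy_checked(name, name_size, line + sizeof key - 1);
}

int main(void)
{
    /* Constructed inputs: one well-formed, one longer than the buffer. */
    const char *lines[] = { "user=alice", "user=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        char name[NAME_SIZE];
        int rc = parse_user_line(lines[i], name, sizeof name);
        printf("%.12s... -> %s\n", lines[i], rc == 0 ? name : "rejected");
    }
    return 0;
}
```

The oversized line is rejected by the checked path regardless of which account the process runs under, which is the property the unchecked copy cannot offer on any platform.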