
What concerns?


sprintf buffer overflow in the string library https://github.com/LuaDist/lua/commit/52eff16f51750cf47afaa5...

This library is not included in NetBSD as far as I can tell: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/modules/lua/?onl...

But it's an indication that it shouldn't be included in a kernel.


There were buffer overflows in the Linux kernel in 2012 (http://www.securityfocus.com/bid/53401). Should we not have filesystems in the kernel either?


Certainly the string library, of all places, should be using secure code.

I'm sure there are sooo many people running Linux on pre-OSX Mac hard drives formatted with HFS that could be hacked with a buffer overflow.

Are you seriously arguing that buffer overflows in the kernel are not a big deal?


Well... No, if you're a proponent of the micro-kernel design.


You linked to a 24,000 line diff to point out what exactly?


Wait for it... the exact section of the code that contains the "sprintf" I mentioned will pop into your screen. Just be patient.


GP was probably in response to ketralnis' comment. :)


recuter's comment already existed when I wrote mine, so it couldn't be in response to me.



