Slashdot

News for nerds, stuff that matters

After Six Years Of Work and Over 360 Patches, Linux 7.2 Finally Removes Bug-Prone strncpy

Tech Times reports:

Linux 7.2's merge window closed out a cleanup campaign on Friday that most kernel developers had stopped expecting to see end: the complete removal of strncpy(), a C string-copy function that the kernel's own documentation labels "actively dangerous," from every subsystem, driver, and architecture-specific file in the kernel source tree.

The merge landed June 20, 2026. After around 362 commits spread across six years of incremental work, no call site using the function remained, and the function itself — including the last per-CPU-architecture optimized implementations — was struck from the source. The removal matters beyond housekeeping. strncpy() is a persistent source of a specific class of memory error: kernel buffers that contain sensitive data can leak bytes past an unterminated string boundary, a pattern that enables memory disclosure vulnerabilities. Eliminating the function from the tree removes that entire class from the kernel's attack surface — and, critically, makes strncpy() unavailable to any future contributor, turning a best-practice suggestion into an enforced policy.

Phoronix notes it's replaced by five different functions:


In place of strncpy, Linux kernel code should use strscpy() for NUL terminated destinations, strscpy_pad() for NUl-terminated destinations with zero-padding, strtomem_pad() for non-NUL-terminated fixed-width fields, memcpy_and_pad() for bounded copies with explicit padding, or memcpy() for known-length memory copies.


"The reason five functions were needed," explains Tech Times, "is that different parts of the kernel were using strncpy() for five semantically distinct memory operations — each with a different intent, different termination requirement, and different padding behavior. "



The original function obscured all of those differences under a single ambiguous name. The 362-commit campaign to replace it was, in effect, a codebase-wide audit that forced every call site to declare its actual intent in code That is an engineering outcome with lasting value: the kernel's string-handling semantics are now explicit where they were previously implicit, and future maintainers can read a function name and understand what a copy operation actually does.

Read more of this story at Slashdot.

A Canopy of Colored umbrella's

BertvB posted a photo:

A Canopy of Colored umbrella's

A captivating abstract perspective of the spectacular umbrella-covered ceiling inside Pantropica (formerly Orchideeënhoeve) in Luttelgeest, Netherlands.

Mr Holmes Bakehouse

Thomas Hawk posted a photo:

Mr Holmes Bakehouse

Found Ektachrome Slide

Thomas Hawk posted a photo:

Found Ektachrome Slide

date stamped on slide, July 1975

VK: Voorpagina

Volkskrant.nl biedt het laatste nieuws, opinie en achtergronden

België met tien man tegen Iran na rood voor verdediger Nathan Ngoy • Oppermachtig Spanje snel klaar met Saoedi-Arabië

Iran blijft verder onderhandelen ondanks dreigementen Trump

België komt voor rust twee keer goed weg tegen Iran • Oppermachtig Spanje snel klaar met Saoedi-Arabië

Woodcuts by Munakata

artbwf has added a photo to the pool:

Woodcuts by Munakata

From a book of his prints


The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Uruguay v Cape Verde: World Cup 2026 – live

⚽️ Kick-off: 6pm local time/11pm BST/8am (Mon) AEST
⚽️ Player guide | Bracketology | Golden Boot | Email Beau

Beau will be here shortly. In the meantime, here’s what to know about Uruguay and Cape Verde before they meet in a few hours in Miami.

Uruguay

Continue reading...

Too many people are shockingly bad at prioritisation

Choosing where to focus is among the most important skills.