http://seclists.org/oss-sec/2014/q4/769

In retrospect, this should not be surprising, but I certainly never thought of it before. My thoughts, now that it's on the table:

1. The price of backwards compatibility seems to include vulnerability, as on Windows.
2. This might be a good reason to use scripting languages like Python etc. for CLI utilities...
3. Or at least languages like (pure) C++ that have safer standard string implementations than C.
4. In the long run, I suspect this will lead to friendlier rewrites of old UNIX utilities, which would be a Good Thing.