Date: Tue, 27 Mar 2001 14:13:03 -0500 (EST)
From: "Andrew R. Reiter" <arr@watson.org>
To: security@freebsd.org, hackers@freebsd.org
Subject: man pages for format string functions
Message-ID: <Pine.NEB.3.96L.1010327140727.94638A-100000@fledge.watson.org>

Hi,

I actually apologize if this is a repeat mail. I admittedly did not look
through the archives to see if this has been mentioned. Anyway...

I'm wondering if there should be a change in perhaps either stdarg(3), or
all of the functions that contain format string parameters, to state a
warning about misusage. For example, in stdarg(3) it says:

    If there is no next argument, or if type is not compatible with the
    type of the actual next argument (as promoted according to the default
    argument promotions), random errors will occur.

While I realize not everyone is using user-input'd format strings when they
pass them to these functions, perhaps a bit more of a
clarification/note/warning could be mentioned here, such as:

    ... random errors will occur which might lead to a security risk.

I am fairly poor with wording man pages, as you can see, but I think it
might be worthwhile just to point this out.

Thoughts?

Andrew

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
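
Added example, not part of the original message: the stdarg(3) condition quoted above ("if there is no next argument") shown for a variadic logging helper, with the misuse beside the hardened call. The names args_consumed, emit, log_unsafe and log_safe are hypothetical, the sample input is constructed, and args_consumed is only an estimate of how many arguments a format would fetch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Estimate how many variadic arguments printf(3) would fetch for fmt. */
int args_consumed(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;        /* "%%" takes no argument */
        /* skip flags, width, precision, length; each '*' takes an int */
        while (*p && strchr("-+ #0123456789.*hlLqjzt$'", *p)) {
            if (*p == '*') n++;
            p++;
        }
        n++;                            /* the conversion itself */
        if (*p == '\0') break;          /* truncated specification */
    }
    return n;
}

/* Variadic helper written with stdarg(3), as a logging wrapper would be. */
int emit(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return r;
}

/* Misuse: untrusted text is the format, so each conversion in it makes
   the callee fetch an argument the caller never passed (undefined). */
int log_unsafe(char *out, size_t len, const char *untrusted)
{ return emit(out, len, untrusted); }

/* Hardened: constant format, untrusted text passed only as data. */
int log_safe(char *out, size_t len, const char *untrusted)
{ return emit(out, len, "%s", untrusted); }

int main(void)
{
    const char *input = "%08x.%s";      /* constructed untrusted text */
    char buf[64];
    printf("requested: %d, supplied: 0\n", args_consumed(input));
    log_safe(buf, sizeof buf, input);   /* log_unsafe is never called */
    puts(buf);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn when a non-literal format is passed directly to the printf(3) family with no arguments; a wrapper like emit gets the same check only if it is declared with the format attribute.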