From owner-freebsd-hackers Thu Sep 7 21:14:45 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8B50D37B422; Thu, 7 Sep 2000 21:14:40 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id WAA40865; Thu, 7 Sep 2000 22:14:38 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA51177; Thu, 7 Sep 2000 22:14:28 -0600 (MDT) Message-Id: <200009080414.WAA51177@harmony.village.org> To: Kris Kennaway Subject: Re: How to stop problems from printf Cc: John Doh! , security@FreeBSD.org, hackers@FreeBSD.org In-reply-to: Your message of "Thu, 07 Sep 2000 20:57:07 PDT." References: Date: Thu, 07 Sep 2000 22:14:28 -0600 From: Warner Losh Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message Kris Kennaway writes: : It also needs to check they are all of the same type, as changing a %d to : a %s for example could conceivably be exploitable. And you would have to : forbid escaped % characters as well. Yeah, I think that would be : doable. We probably should talk to the gnu gettext guys. Hmmm, yes, you would have to check as well. I thought I said that originally. No need to forbid %%, however. That's not exploitable unless you nest these things, and then all bets are off. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message