From owner-freebsd-hackers  Thu Sep  7 21:14:45 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8B50D37B422; Thu,  7 Sep 2000 21:14:40 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id WAA40865;
	Thu, 7 Sep 2000 22:14:38 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA51177; Thu, 7 Sep 2000 22:14:28 -0600 (MDT)
Message-Id: <200009080414.WAA51177@harmony.village.org>
To: Kris Kennaway <kris@FreeBSD.org>
Subject: Re: How to stop problems from printf 
Cc: John Doh! <johndoh_@hotmail.com>, security@FreeBSD.org,
	hackers@FreeBSD.org
In-reply-to: Your message of "Thu, 07 Sep 2000 20:57:07 PDT."
		<Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org> 
References: <Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org>  
Date: Thu, 07 Sep 2000 22:14:28 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org> Kris Kennaway writes:
: It also needs to check they are all of the same type, as changing a %d to
: a %s for example could conceivably be exploitable. And you would have to
: forbid escaped % characters as well. Yeah, I think that would be
: doable. We probably should talk to the gnu gettext guys.

Hmmm, yes, you would have to check as well.  I thought I said that
originally.  No need to forbid %%, however.  That's not exploitable
unless you nest these things, and then all bets are off.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message