Date: Wed, 04 Apr 2001 10:12:57 -0700 From: Bengt Richter <bokr@accessone.com> To: Dima Dorfman <dima@unixfreak.org> Cc: freebsd-doc@freebsd.org Subject: Re: docs/26286: format string warnings in man pages. Message-ID: <5.0.2.1.1.20010404092059.00aeebf0@mail.accessone.com> In-Reply-To: <200104040120.f341K4R75749@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 18:20 2001-04-03, you wrote:
>The following reply was made to PR docs/26286; it has been noted by GNATS.
>
>From: Dima Dorfman <dima@unixfreak.org>
>To: Bengt Richter <bokr@accessone.com>
>Cc: freebsd-gnats-submit@freebsd.org
>Subject: Re: docs/26286: format string warnings in man pages.
>Date: Tue, 03 Apr 2001 18:15:57 -0700
>
> Bengt Richter <bokr@accessone.com> writes:
> > (I am implicitly suggesting that security risk documentation
> > be accumulated in a single place for reference and browsing.
^^^^^^^^^
> > This would serve several goals at once, not least of which is
> > a single instance of explanatory text to update when appropriate.
>
> We already have this: http://www.FreeBSD.org/security/#spg
>
Which is good, but to refer to specific paragraphs/concepts
via a link from a footnote, #spg would need paragraph numbers
or other identifiers. The more #spg grows, the more the need
for paragraph/section identifiers for reference.
> In a perfect world, most security bugs being found right now wouldn't
> exist because all programmers would read that, and all the sites that
> page links to, and know that passing the wrong data to the wrong
> format specifier is a recipe for [security] disaster; unfortunately,
> we don't live in a perfect world. Some programmers don't even bother
> reading the man pages to look for security warnings, and many more
> didn't read that page.
>
> The best thing we can do is stick this information in their face.
Would you (e.g.) want to put #warning lines in <stdio.h> ?
Or configure make to call a new tool that scans for risky
stuff listed in a .conf file, and issues warnings that you
have to know what you're doing to turn off?
Or modify <stdio.h> etc. with conditionals so you have to define
USE_RISKY_PRINTF or USE_RISKY_XXX to use a call to a risky XXX
(or else get a warning lecture via #warning lines) ?
How in-your-face do you want to get ;-) Hm. Actually, maybe that
wouldn't be so bad if you could disable it wholesale with
-DNO_USE_RISKY or something.
Of course, this wouldn't flag risky stuff you coded yourself.
> Sticking outdated, wrong, or incomplete information in their face
> doesn't make the problem better, however. That was my original
> concern; if the information mentioned in each man page is incomplete
Using references to centralized info makes it easier to maintain
"complete" info, I would think. Also implies less updates to the
referring docs, and little or no consistency/duplications problems
between referring docs.
> (and the patch submitted was), it may lead some to think that by
> reading that they know enough, and not bother to investigate further.
Would they bother to click a live hyperlink in an HTML version?
>
> That said, I'd like to make it clear that I'm not opposed to the patch
> in general. I'm just concerned that keeping it up to date will be a
> pretty big problem, and thus it may end up doing more harm than good.
A reason for a centralized single-instance info representation,
which can be referred to instead of sliced and duplicated, IMHO.
Regards,
Bengt Richter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20010404092059.00aeebf0>