From owner-freebsd-current@FreeBSD.ORG Wed Sep 8 17:13:49 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 660C010656C1 for ; Wed, 8 Sep 2010 17:13:49 +0000 (UTC) (envelope-from mdf356@gmail.com) Received: from mail-gy0-f182.google.com (mail-gy0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id 0B4FF8FC17 for ; Wed, 8 Sep 2010 17:13:48 +0000 (UTC) Received: by gyg4 with SMTP id 4so183514gyg.13 for ; Wed, 08 Sep 2010 10:13:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=INHYblSdZidHVBFnX1pW7O3ao8Qnwx4/I9UePz5HRBM=; b=BtFfckP9ZzbooPWshIR/JgQSXD5W1OqUYbqY9ax91Mupyj7F3x2jKrXP/kM55qJ/jb HscrrD+9I23qDVi/EJidt9Q1cpxyyG34whvPwTY6+5GAvoNiN6RqqBWUdxWoSIAxBuhJ zprVVg64sisqx4zFSbfKGM0YpY2pD46AkDdQo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=w9LKAHxq+O9EusxN2dVHjxGVfcN+w35q/12JAFD3dVxRGvBn5MX5DmzEs4BI2tKAI6 t6ls/xfma9E7IHJasWRQdTWkzGksndBfujOJU+neTkopK/W7lrkfAL0M7mFKZMr/Lh/p 3ITqk8z7eTp9r7dsyXXvhvqxSFNauEaQGR6+E= MIME-Version: 1.0 Received: by 10.101.155.28 with SMTP id h28mr189414ano.24.1283966011043; Wed, 08 Sep 2010 10:13:31 -0700 (PDT) Sender: mdf356@gmail.com Received: by 10.100.126.20 with HTTP; Wed, 8 Sep 2010 10:13:30 -0700 (PDT) In-Reply-To: <20100908161531.GJ37467@rink.nu> References: <20100908161531.GJ37467@rink.nu> Date: Wed, 8 Sep 2010 10:13:30 -0700 X-Google-Sender-Auth: CWUpLeMjvE9W2u0iZVVOjr-Aiq4 Message-ID: From: mdf@FreeBSD.org To: Rink Springer Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-current@freebsd.org Subject: Re: deprecating sprintf(9) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Sep 2010 17:13:49 -0000 On Wed, Sep 8, 2010 at 9:15 AM, Rink Springer wrote: > Hi, > > On Wed, Sep 08, 2010 at 08:51:57AM -0700, mdf@FreeBSD.org wrote: >> It seems like a large project, but OTOH sprintf(9) is mighty unsafe in >> the kernel. =A0It's disapproved of for user-space as being unsafe for >> security reasons as well, but the potential downsides aren't the same, >> and we'll never clean up ports anyways. :-) > > Deprecating it may be usable, yet I don't believe we can easily enforce > such a policy [1]. If the kernel sources don't use it then the prototype can be removed. > Have you looked at how many (potentially) unsecure > uses there are in the kernel, to give an idea how useful such an effort > would be? I presume all the kernel uses are safe at the moment, but it's an error prone construction. As of this morning grep found 1277 occurrences of sprintf(9) in sys/ and 23 occurrences of vsprintf(9) in sys/. Thanks, matthew