From owner-freebsd-doc  Wed Jan  9  8:32: 3 2002
Delivered-To: freebsd-doc@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id E36CA37B419; Wed,  9 Jan 2002 08:32:00 -0800 (PST)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id g09GVra43572;
	Wed, 9 Jan 2002 11:31:53 -0500 (EST)
	(envelope-from arr@FreeBSD.org)
X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs
Date: Wed, 9 Jan 2002 11:31:53 -0500 (EST)
From: "Andrew R. Reiter" <arr@FreeBSD.org>
X-Sender: arr@fledge.watson.org
To: Nik Clayton <nik@FreeBSD.org>
Cc: Dima Dorfman <dima@unixfreak.org>, freebsd-doc@FreeBSD.org
Subject: Re: docs/26286: format string warnings in man pages.
In-Reply-To: <20020109133657.C24425@clan.nothing-going-on.org>
Message-ID: <Pine.NEB.3.96L.1020109113125.43328B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

On Wed, 9 Jan 2002, Nik Clayton wrote:

:On Mon, Apr 02, 2001 at 06:40:02PM -0700, Dima Dorfman wrote:
:>  The idea behind this is great, but I don't really like how the above
:>  text is duplicated everywhere.  It seems unnatural.  Ideally, the
:>  above would be replaced with a "see something(3) for information on
:>  what [a format string] implies".  Unfortunately, I don't know what
:>  this something(3) should be; printf(3) is the first thing that comes
:>  to mind, but printf(3) documents a particular function; it just so
:>  happens that most C programmers' first sight of a format string was in
:>  the context of a call to printf().
:
:There's a "Secure Programming" chapter in the Developer's Handbook.
:Mike, could you put together some suitable text that could form the
:basis of a "format string problems" section in there?
:

Don't forget www.freebsd.org/security/

--
Andrew R. Reiter
arr@watson.org
arr@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message