Date: Mon, 13 Aug 2001 17:40:01 -0700 From: Seth Kingsley <seth.kingsley@windriver.com> To: Kris Kennaway <kris@obsecurity.org>, obrien@freebsd.org Cc: audit@freebsd.org Subject: Re: WFORMAT=1 errors Message-ID: <20010813174001.B33585@meow.lab.nuxi.com> In-Reply-To: <20010810202002.A49763@xor.obsecurity.org>; from kris@obsecurity.org on Fri, Aug 10, 2001 at 08:20:02PM -0700 References: <20010810182125.A47936@xor.obsecurity.org> <20010810194150.A71696@meow.lab.nuxi.com> <20010810202002.A49763@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--cvVnyQ+4j833TQvp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 10, 2001 at 08:20:02PM -0700, Kris Kennaway wrote: > On Fri, Aug 10, 2001 at 07:41:50PM -0700, Seth Kingsley wrote: > > On Fri, Aug 10, 2001 at 06:21:26PM -0700, Kris Kennaway wrote: > > > In the meantime, does anyone feel like fixing some of > > > the following from usr.bin/ > >=20 > > I'll take usr.bin/make, I've been working on some other modernizations > > of it recently. >=20 > Excellent, thanks! I'm running into a problem here with format strings that are being used safely as pointers to string constants, but eliciting warnings because they are not literal string constants. The following test program should _not_ cause warnings because of a non-constant format. Unless I am misunderstanding the purpose of this kind of format parameter auditing, passing a pointer to string const should be perfectly acceptable. And as it is used in usr.bin/make, there is obviously no security issue with this. #include <stdio.h> int main(void) { const char *fmt =3D "%s\n"; printf(fmt, "Hello World"); return 0; } I tried to modify /usr/src/contrib/gcc.295/c-common.c:check_format_info to test the qualifiers of the string passed instead of merely testing against it being a string constant. I could not discern how to trace the parse tree for the format parameter back to the qualifiers used in it's decleration. This is something that somebody else would be able to figure out much more readily. If David is not willing to look at this right now, then maybe I can appeal to the NetBSD people, where this type of warning option came from? --=20 || Seth Kingsley || Platforms Lab Opps || seth.kingsley@windriver.com || --cvVnyQ+4j833TQvp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7eHNhD1AymFxBOwgRAubDAJwIBZNe23B8AYF1U5M5/jp5KC0JkwCfbvj1 Dh0+XUfInmFuKUIvzF8FH1A= =tAbw -----END PGP SIGNATURE----- --cvVnyQ+4j833TQvp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010813174001.B33585>