Subject: Re: Fwd: CERT Advisory CA-2002-12 Format String Vulnerability in ISC DHCPD
To: Paul Hoffman <phoffman@proper.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-security
Date: 05/11/2002 01:43:44
> If so, that doesn't seem like a good thing for everyone else on the
> Internet...

So, sorry to disappoint you, but we all have limited time.

Shortly after the general class of "format string vulnerabilities"
became known, I did a sweep through the NetBSD sources with the aid of
an enhanced gcc -Wformat check (the very concept of which was rejected
by a gcc type, go figure -- one of several people who needlessly made
this effort more difficult).

I found *several hundred* cases where variable strings were passed as
the format parameter argument for one of the printf-like functions.

In the interest of doing this as quickly as possible, I did not stop
to analyze which of these particular coding errors were "exploitable".

At the end of this sweep, my brain had turned to jello, and my day job
demanded my full attention again.

Someone else then took my diffs, tested them, and applied them to the
NetBSD sources.

					- Bill
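[Editor's added example, not part of the thread and not Bill's NetBSD diffs: the bug class the sweep was hunting, the one-token fix for it, and a crude line-level approximation of the "is the format argument a string literal?" check that an enhanced -Wformat does properly in the compiler. The function names, the table of printf-like functions and the sample source lines are all made up for this example.]

```c
/*
 * Added example (not NetBSD code, not the diffs discussed in the thread):
 * a format-string bug beside its fix, plus a toy line-level check for the
 * "variable string passed as the format parameter" pattern. All names and
 * sample lines below are invented for illustration.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable: caller-supplied text is the format string, so any %-directives
 * it contains are interpreted (with %n writing through a missing argument).
 * gcc -Wformat-security warns on this call; the pragmas only keep the file
 * building under -Werror so the bad pattern can sit next to the fixed one. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int log_line_vuln(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, msg);
}
#pragma GCC diagnostic pop

/* Fixed: the text goes through a "%s" conversion and is never parsed. */
int log_line_fixed(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* printf-like functions and the 0-based position of their format argument
 * (a made-up subset; a real check would use the compiler's format attribute). */
static const struct { const char *name; int fmt_index; } fmt_funcs[] = {
    { "printf", 0 }, { "fprintf", 1 }, { "sprintf", 1 },
    { "snprintf", 2 }, { "vprintf", 0 }, { "syslog", 1 },
};

static int is_ident_char(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Returns 1 if the line calls a printf-like function with a non-literal
 * format argument, 0 if the format argument is a string literal, and -1 if
 * the line contains no such call (or the call is cut off). */
int format_arg_is_variable(const char *line)
{
    for (size_t i = 0; i < sizeof fmt_funcs / sizeof fmt_funcs[0]; i++) {
        const char *p = line;
        while ((p = strstr(p, fmt_funcs[i].name)) != NULL) {
            const char *end = p + strlen(fmt_funcs[i].name);
            /* skip matches inside longer identifiers, e.g. "printf" in "snprintf" */
            if ((p > line && is_ident_char(p[-1])) || is_ident_char(*end)) {
                p = end;
                continue;
            }
            const char *q = end;
            while (isspace((unsigned char)*q)) q++;
            if (*q != '(') { p = end; continue; }   /* not a call */
            q++;
            /* step over the arguments before the format at paren depth 0,
             * ignoring commas and parens that sit inside string literals */
            int depth = 0, in_str = 0, idx = 0;
            for (; *q && idx < fmt_funcs[i].fmt_index; q++) {
                if (in_str) {
                    if (*q == '\\' && q[1]) q++;
                    else if (*q == '"') in_str = 0;
                    continue;
                }
                if (*q == '"') in_str = 1;
                else if (*q == '(') depth++;
                else if (*q == ')') { if (depth == 0) return -1; depth--; }
                else if (*q == ',' && depth == 0) idx++;
            }
            while (isspace((unsigned char)*q)) q++;
            if (*q == '\0') return -1;
            return *q == '"' ? 0 : 1;
        }
    }
    return -1;
}

int main(void)
{
    /* constructed sample source lines */
    static const char *lines[] = {
        "    printf(buf);",
        "    printf(\"%s\", buf);",
        "    snprintf(out, sizeof out, msg);",
        "    syslog(LOG_ERR, \"%s\", msg);",
        "    n = strlen(s);",
    };
    char buf[64];
    log_line_vuln(buf, sizeof buf, "50%% done");
    printf("vuln : %s\n", buf);     /* the %% was consumed as a directive */
    log_line_fixed(buf, sizeof buf, "50%% done");
    printf("fixed: %s\n", buf);     /* text passed through untouched */
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%2d  %s\n", format_arg_is_variable(lines[i]), lines[i]);
    return 0;
}
```

The input "50%% done" is deliberately chosen so the vulnerable path is still well defined (no directive needs an argument); with "%x" or "%n" from a user, the same call reads or writes through arguments that were never passed. The toy check only answers the question the sweep asked (is the format a literal?), not whether a given hit is exploitable, which matches how the sweep was described.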