On Mon, 11 Sep 2000, Bill Sommerfeld wrote:

: All known non-denial-of-service format string exploits involve the use
: of the %n specifier, which pulls an argument out of the argument list,
: interprets it as an (int *), and stores the character count of the
: current output into it.  

Given that it's required by SUSv2 and POSIX to be available at all times....

I could see a function provided to _disable_ it, not enable it.  Any program
written to be suid shouldn't be trusting third-party format strings at all,
but if they do, then we coupld provide those programs with such a tool.
<sigh>

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  http://www.wasabisystems.com/
-- Speed, stability, security, and support.  Wasabi NetBSD:  Run with it.