Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <sommerfeld@orchard.arlington.ma.us>
From: Chris G. Demetriou <cgd@sibyte.com>
List: tech-userlevel
Date: 09/11/2000 11:01:58

sommerfeld@orchard.arlington.ma.us (Bill Sommerfeld) writes:
> The %n format specifier is not used very often -- I've been unable to
> find any use of it within the NetBSD source tree.

The former does not follow from the latter.  I agree it's not used
very often, but I have used it in some cases if I recall correctly
(not in NetBSD).


I agree with those who say that it's the users of the untrusted format
strings who are at fault here.

It's not clear to me that losing standards conformance to make
admittedly-broken programs somewhat more secure is either a good
thing, or in keeping with the principle of least surprise.

Adding a function to disable it -- thereby making NetBSD programs that
call the function less portable, and giving them more of an excuse
to ignore the need for real security checking -- doesn't seem the
right thing either.



cgd