Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: Chris G. Demetriou <cgd@sibyte.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-userlevel
Date: 09/11/2000 14:14:48
> It's not clear to me that losing standards conformance to make
> admittedly-broken programs somewhat more secure is either a good
> thing, or in keeping with the principle of least surprise.

The same argument could be used against the introduction of
snprintf(); applications *should* know how much space they'll need in
advance.

%n turns an otherwise "safe" interface into an interface as dangerous
as gets().

					- Bill
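As an added example (not code from this thread or from NetBSD's libc), a conservative check in C that detects the %n conversion in a printf-style format string, the sort of filter a libc or a wrapper could apply to a format that is not a compile-time literal; the function names are hypothetical.

```c
/* Hypothetical helpers, added as an illustration; not NetBSD libc code. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Return true if fmt contains a %n conversion in any of its spellings
 * ("%n", "%hhn", "%ln", "%2$n", "%.*n", ...).  "%%" is a literal '%',
 * not a conversion, so "%%n" does not count. */
bool fmt_has_n_conversion(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                           /* step past the '%' */
        if (*p == '%') {               /* "%%": literal percent sign */
            p++;
            continue;
        }
        /* skip positional "n$", flags, width and precision ("*" included) */
        while (*p != '\0' && strchr("0123456789$-+ #'*.", *p) != NULL)
            p++;
        /* skip length modifiers (hh, h, l, ll, L, q, j, z, t) */
        while (*p != '\0' && strchr("hlLqjzt", *p) != NULL)
            p++;
        if (*p == 'n')
            return true;
        if (*p == '\0')                /* trailing '%' with no conversion */
            return false;
        p++;                           /* past the conversion character */
    }
    return false;
}

/* Wrapper that refuses to print through a format containing %n and
 * returns -1, instead of letting printf write an int through a pointer. */
int checked_printf(const char *fmt, ...)
{
    if (fmt_has_n_conversion(fmt))
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int n = vprintf(fmt, ap);
    va_end(ap);
    return n;                          /* characters written, as printf */
}
```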