Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 09/11/2000 16:48:42
[ On Monday, September 11, 2000 at 15:45:58 (-0400), Bill Sommerfeld wrote: ]
> Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
> Fixing and issuing advisories for format string bugs may end up
> consuming a significant fraction of the security officer's bandwidth.
> I'd like someone who's advocating keeping %n enabled by default to
> step forward and volunteer to handle fixing and issuing advisories for
> all current and future format-string security problems discovered in
> NetBSD and NetBSD packages.
Like Chris has said twice already, those bugs will exist with or without
'%n' (i.e. they already exist and are already very dangerous) and they
must be fixed anyway!
Sticking one's head in the sand and pretending the problem will go away
if you take '%n' support out of printf() et al is only making everyone's
job harder, including that of the NetBSD Security Officer, while at the
same time creating a non-standard implementation.
You may as well just do `rm $(locate printf)' and start rewriting
everything in an exclusively object-oriented language (i.e. not C++) if
you don't want to allow these kinds of bugs! C might not have many
bells and whistles, but it sure does contain lots of handy rope and many
sharp edges -- it must always be used with care and understanding.
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>
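The point made in this thread, that a format-string bug is a bug in the caller and not in libc's `%n`, can be seen in a few lines of C. The following is an added example, not code from the thread or from NetBSD: it puts the vulnerable call pattern beside the corrected one and adds a small helper that counts conversion specifications in a string, the kind of check an audit can run over values that reach a printf-style function. The function names and the sample log line are hypothetical.

```c
/* Added example, not part of the mailing-list thread.  All names hypothetical. */
#include <stdio.h>

/* Vulnerable pattern: untrusted text is used as the format string.  Every
 * conversion in it is interpreted by printf(), so taking %n out of libc only
 * removes one directive; the others (%x, %s, %p, ...) are still processed.
 * gcc -Wformat-security flags this call site. */
void log_line_unsafe(const char *untrusted)
{
    printf(untrusted);
    putchar('\n');
}

/* Corrected pattern: the format is a literal and the untrusted text is an
 * argument, so its contents are printed verbatim whatever they contain.
 * This fix is independent of which conversions the libc supports. */
void log_line_safe(const char *untrusted)
{
    printf("%s\n", untrusted);
}

/* Counts conversion specifications in s, treating "%%" as a literal percent
 * sign.  A non-zero result for a value that is about to become a format
 * string means the call site is misusing the API and must be rewritten as
 * in log_line_safe(); it does not matter whether %n is among them. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal, skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input: a log line that happens to contain
     * conversion specifications, as any user-supplied string might. */
    const char *sample = "user: %x %n";

    /* The safe variant prints the line verbatim. */
    log_line_safe(sample);

    /* The check reports two conversions: enough to reject this value as a
     * format string regardless of whether %n is one of them. */
    printf("conversions found: %d\n", count_conversions(sample));
    printf("conversions in \"100%% done\": %d\n", count_conversions("100%% done"));
    return 0;
}
```

The unsafe variant is kept only to show the shape of the bug; the corrected call is the fix that the thread argues for, and it works the same on any C library.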