Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: Chris G. Demetriou <firstname.lastname@example.org>
From: Greywolf <email@example.com>
Date: 09/11/2000 23:28:13
On 11 Sep 2000, Chris G. Demetriou wrote:
# (2) This actually brings up a larger, more serious point:
# Before packages which set up network server ports or are set-id or may
# have other security implications are created, they should be audited,
# and the responsibility for doing that should be on the people who want
# to create them. Even ignoring the %n problems, who's to say that they
# have been converted to avoid actual buffer overruns, e.g. by using
# snprintf() rather than sprintf()?
...such as not using sprintf() for externally manipulable (read:
user-supplied) data? (For the extremely paranoid...)
# The same goes for programs in our main source tree, actually.
# The responsibility for these things shouldn't be on some random person
# (it seems you'd like to say me 8-), but the people who import and/or
# change the code. After all, they're the ones proposing to make the
# system be insecure or its programs more crash-prone, or ...
Indeed. Code submitted will (or should) be reviewed, and if found
to be insecure (or crash-prone) (or stylistically unappealing, but hey,
let's stick to the important things), will be rejected as "an egregious
BSD: the devil finds work for idle cycles.