Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: Chris G. Demetriou <>
From: Greywolf <>
List: tech-userlevel
Date: 09/11/2000 23:28:13
On 11 Sep 2000, Chris G. Demetriou wrote:

# (2) This actually brings up a larger, more serious point:
# Before packages which set up network server ports or are set-id or may
# have other security implications are created, they should be audited,
# and the responsibility for doing that should be on the people who want
# to create them.  Even ignoring the %n problems, who's to say that they
# have been converted to avoid actual buffer overruns, e.g. by using
# snprintf() rather than sprintf()?

...such as not using sprintf() for externally manipulable (read:
user-supplied) data?  (For the extremely paranoid...)

# The same goes for programs in our main source tree, actually.
# The responsibility for these things shouldn't be on some random person
# (it seems you'd like to say me 8-), but the people who import and/or
# change the code.  After all, they're the ones proposing to make the
# system be insecure or its programs more crash-prone, or ...

Indeed.  Code submitted will (or should) be reviewed, and if found
to be insecure (or crash-prone) (or stylistically unappealing, but hey,
let's stick to the important things), will be rejected as "an egregious
hack". ;-)

# cgd

BSD: the devil finds work for idle cycles.