Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <>
From: Greg A. Woods <>
List: tech-userlevel
Date: 09/13/2000 01:04:31
[ On Monday, September 11, 2000 at 16:59:04 (-0400), Bill Sommerfeld wrote: ]
> Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5 
> I'm attempting to reduce the magnitude of the harm which can result
> from a bug of this form, from a total system compromise, to a mere
> denial of service.

I would hope that a denial-of-service type of bug, especially in any
set-{user,group}-id program, would result in an advisory being issued --
there's nothing "mere" about them in my mind!!!  However if the
consensus is that an advisory is not necessary then yes it would be
sensible to do something about '%n' and leave the rest for later

If something is to be done explicitly about '%n' then I personally would
prefer some sort of run-time checking since that's the only way to
really be able to catch them.  Perhaps the discovery of a '%n' in the
format string could be made to cause a warning to be logged, and perhaps
if the program is running with enhanced privileges to simply ignore the
'%n' too.  As for controlling it (i.e. to allow a programmer in the know
to disable the checks), well that really needs to be done on a per-call
basis.  I don't know how best to do this, other than having a global
variable that the programmer must set before every call and which will
be reset within the printf() core.  This would allow lazy and diligent
programmers to put a wrapper macro in their config.h to cover all calls,
of course, but every compromise has its drawbacks.

Unfortunately this is like having a caching nameserver log that someone
else's nameserver is lame for some domain you're trying to access --
you're telling all the wrong people, but maybe if you make enough noise
someone will eventually tell the people who can actually do something to
fix the real problem.

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>