Subject: Re: error function re-factoring.
To: None <firstname.lastname@example.org>
From: Roland Illig <rillig@NetBSD.org>
Date: 07/29/2006 14:40:52
Iain Hibbert wrote:
> Roland Illig wrote:
>>Matthias Drochner wrote:
>>>Whether error messages are printed or not... not
>>>sure what is right. But if error messages are printed,
>>>they should not contain the strings passed by the user
>>>as they could contain escape sequences or sensitive
>>Would that mean that _all_ NetBSD utilities, even cat(1), would have to be
>>rewritten to never output control characters when that is not expected? What
>>would be the correct error message if a file whose name contains special
>>characters cannot be found?
> no, it's the difference between
> err(EXIT_FAILURE, *argv); /* bad */
> err(EXIT_FAILURE, "%s", *argv); /* good */
Even the second one can be a security hole if the pathname contains
characters that are interpreted in some special way by the terminal. I
think this is what Matthias meant.
Preventing format string bugs like in the case above is trivial
(-Wformat=2), so it's not worth a discussion here.
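
The terminal-escape concern raised in this thread can be handled by escaping the name before it is written to the terminal. The following is an added example, not part of the original message or of NetBSD's code: `sanitize_for_tty` is a hypothetical helper (NetBSD's vis(3) family serves a similar purpose), and the sample file name is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Copy src into dst, replacing every byte that is not printable ASCII
 * (and the backslash itself, so the output stays unambiguous) with a
 * \ooo octal escape.  Returns the length written, or (size_t)-1 if
 * dst is too small.  Hypothetical helper, not a libc function.
 */
size_t
sanitize_for_tty(char *dst, size_t dstsize, const char *src)
{
	size_t n = 0;

	if (dstsize == 0)
		return (size_t)-1;
	for (; *src != '\0'; src++) {
		unsigned char c = (unsigned char)*src;
		int plain = c < 0x80 && isprint(c) && c != '\\';
		size_t need = plain ? 1 : 4;

		/* Always leave room for the terminating NUL. */
		if (n + need >= dstsize)
			return (size_t)-1;
		if (plain)
			dst[n++] = (char)c;
		else
			n += (size_t)snprintf(dst + n, dstsize - n, "\\%03o", c);
	}
	dst[n] = '\0';
	return n;
}

int
main(int argc, char **argv)
{
	/* Constructed sample: a file name carrying an ESC sequence. */
	const char *name = argc > 1 ? argv[1] : "report\033[2J.txt";
	char safe[1024];

	if (sanitize_for_tty(safe, sizeof(safe), name) == (size_t)-1)
		strcpy(safe, "(name too long)");
	/* Constant format string and a sanitized argument. */
	fprintf(stderr, "cannot open: %s\n", safe);
	return 1;
}
```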