Iain Hibbert wrote:
> Roland Illig wrote:
>>Matthias Drochner wrote:
>>>Whether error messages are printed or not... not
>>>sure what is right. But if error messages are printed,
>>>they should not contain the strings passed by the user
>>>as they could contain escape sequences or sensitive
>>Would that mean that _all_ NetBSD utilities, even cat(1), would have to be
>>rewritten to never output control characters when that is not expected? What
>>would be the correct error message if a file whose name contains special
>>characters cannot be found?
> no, it's the difference between
> 	err(EXIT_FAILURE, *argv);	/* bad */
> and
> 	err(EXIT_FAILURE, "%s", *argv);	/* good */

Even the second one can be a security hole if the pathname contains 
characters that are interpreted in some special way by the terminal. I 
think this is what Matthias meant.

Preventing format string bugs like in the case above is trivial 
(-Wformat=2), so it's not worth a discussion here.
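
The terminal-escape concern raised above, as an added example that is not part of the original message or of any NetBSD source: a constant format string stops format-string bugs, but the argument still has to be made safe for the terminal. The helper name `sanitize_for_terminal` and the sample file name are assumptions made for illustration; the escaping is similar in spirit to vis(3).

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from the thread): copy src into dst, replacing
 * every byte outside printable ASCII, and the backslash itself, with a
 * \ooo octal escape so the terminal never receives raw control bytes.
 * dst is always NUL-terminated when dstlen > 0. Input that does not fit
 * is truncated on a whole-character boundary. Returns bytes written,
 * not counting the NUL.
 */
size_t
sanitize_for_terminal(char *dst, size_t dstlen, const char *src)
{
	size_t n = 0;

	if (dstlen == 0)
		return 0;
	for (; *src != '\0'; src++) {
		unsigned char c = (unsigned char)*src;

		if (c >= 0x20 && c < 0x7f && c != '\\') {
			if (n + 1 >= dstlen)
				break;
			dst[n++] = (char)c;
		} else {
			if (n + 4 >= dstlen)
				break;
			/* Writes 4 characters plus a NUL, all within dstlen. */
			snprintf(dst + n, 5, "\\%03o", (unsigned int)c);
			n += 4;
		}
	}
	dst[n] = '\0';
	return n;
}

int
main(int argc, char **argv)
{
	/* Constructed sample: a file name carrying an ESC sequence and a BEL. */
	const char *name = argc > 1 ? argv[1] : "evil\033[2Jname\a";
	char safe[256];

	sanitize_for_terminal(safe, sizeof(safe), name);
	/* Constant format string and a sanitized argument. */
	fprintf(stderr, "demo: cannot open %s\n", safe);
	return 0;
}
```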