Date: Thu, 07 Sep 2000 22:14:28 -0600
From: Warner Losh <imp@village.org>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: John Doh! <johndoh_@hotmail.com>, security@FreeBSD.org, hackers@FreeBSD.org
Subject: Re: How to stop problems from printf
Message-ID: <200009080414.WAA51177@harmony.village.org>
In-Reply-To: Your message of "Thu, 07 Sep 2000 20:57:07 PDT." <Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org>
References: <Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org>

In message <Pine.BSF.4.21.0009072054310.73211-100000@freefall.freebsd.org> Kris Kennaway writes:
: It also needs to check they are all of the same type, as changing a %d to
: a %s for example could conceivably be exploitable. And you would have to
: forbid escaped % characters as well. Yeah, I think that would be
: doable. We probably should talk to the gnu gettext guys.

Hmmm, yes, you would have to check as well. I thought I said that
originally. No need to forbid %%, however. That's not exploitable
unless you nest these things, and then all bets are off.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
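
The check discussed in this thread, sketched as an added example (not code from the message, FreeBSD or gettext): accept an untrusted replacement format string, such as a message-catalog entry, only if it consumes the same argument types in the same order as the trusted original. `%%` is allowed, as the reply notes; rejecting `*` widths, positional `%1$d` arguments and `%n` is a simplifying assumption of this sketch, and `next_conv` and `fmt_compatible` are hypothetical names.

```c
#include <string.h>

/* Find the next argument-consuming conversion at or after *p and store its
 * length modifier + conversion character in out (e.g. "ld", "s").
 * Returns 1 if found, 0 at end of string, -1 if the spec is rejected. */
static int next_conv(const char **p, char out[4])
{
    const char *s = *p;
    while ((s = strchr(s, '%')) != NULL && s[1] == '%')
        s += 2;                           /* literal %% takes no argument: allowed */
    if (s == NULL) return 0;
    s++;
    s += strspn(s, "-+ #0");              /* flags */
    if (*s == '*') return -1;             /* '*' width takes an extra int: rejected */
    s += strspn(s, "0123456789");         /* width */
    if (*s == '.') {
        if (*++s == '*') return -1;
        s += strspn(s, "0123456789");     /* precision */
    }
    size_t n = strspn(s, "hlqjztL");      /* length modifier */
    /* Unknown conversions, %n, positional "%1$d" and a trailing '%' fail here. */
    if (n > 2 || s[n] == '\0' || strchr("diouxXeEfgGcsp", s[n]) == NULL)
        return -1;
    memcpy(out, s, n + 1);
    out[n + 1] = '\0';
    *p = s + n + 1;
    return 1;
}

/* 1 if candidate consumes the same argument types, in the same order, as trusted. */
int fmt_compatible(const char *trusted, const char *candidate)
{
    char a[4], b[4];
    for (;;) {
        int ra = next_conv(&trusted, a);
        int rb = next_conv(&candidate, b);
        if (ra < 0 || rb < 0 || ra != rb)
            return 0;                     /* rejected spec or different count */
        if (ra == 0) return 1;            /* both exhausted together */
        if (strcmp(a, b) != 0) return 0;  /* e.g. %d replaced by %s */
    }
}

int main(void)
{
    /* Constructed catalog entries: the second one swaps %d for %s. */
    return !(fmt_compatible("%d files in %s", "%d Dateien in %s") &&
             !fmt_compatible("%d files in %s", "%s Dateien in %s"));
}
```

Flags, width and precision may differ between the two strings because they do not change which argument type is fetched; the comparison is on length modifier and conversion character only.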