Date: Wed, 8 Sep 2010 10:13:30 -0700 From: mdf@FreeBSD.org To: Rink Springer <rink@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: deprecating sprintf(9) Message-ID: <AANLkTi=yXb4FBZDnYSLCtBjUEKX_BLcJEvhWRx=aeV09@mail.gmail.com> In-Reply-To: <20100908161531.GJ37467@rink.nu> References: <AANLkTikO1v7YMFKVZkHZDmurcyfq0QbTkPxG=LNBdKSp@mail.gmail.com> <20100908161531.GJ37467@rink.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 8, 2010 at 9:15 AM, Rink Springer <rink@freebsd.org> wrote: > Hi, > > On Wed, Sep 08, 2010 at 08:51:57AM -0700, mdf@FreeBSD.org wrote: >> It seems like a large project, but OTOH sprintf(9) is mighty unsafe in >> the kernel. =A0It's disapproved of for user-space as being unsafe for >> security reasons as well, but the potential downsides aren't the same, >> and we'll never clean up ports anyways. :-) > > Deprecating it may be usable, yet I don't believe we can easily enforce > such a policy [1]. If the kernel sources don't use it then the prototype can be removed. > Have you looked at how many (potentially) unsecure > uses there are in the kernel, to give an idea how useful such an effort > would be? I presume all the kernel uses are safe at the moment, but it's an error prone construction. As of this morning grep found 1277 occurrences of sprintf(9) in sys/ and 23 occurrences of vsprintf(9) in sys/. Thanks, matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=yXb4FBZDnYSLCtBjUEKX_BLcJEvhWRx=aeV09>