Re: man pages for format string functions
From: Mike Bristow (mike@urgle.com)
Date: 03/29/01
- In reply to: Kris Kennaway: "Re: man pages for format string functions"
Date: Thu, 29 Mar 2001 17:09:04 +0100
From: Mike Bristow <mike@urgle.com>
To: Kris Kennaway <kris@obsecurity.org>

[ doc@ added; hackers@ dropped (xpost limit:(). I'm not on either doc@ or
security@, so please cc me on any replies ]
On Tue, Mar 27, 2001 at 11:17:09AM -0800, Kris Kennaway wrote:
> On Tue, Mar 27, 2001 at 02:13:03PM -0500, Andrew R. Reiter wrote:
[ on adding warnings to man pages about potential format-string type
bugs ]
> > I am fairly poor with wording man pages, as you can see, but I think it
> > might be worth while just to point this out.
>
> I've wanted to do this, but so far haven't had time. Do you think you
> could submit a patch? Don't worry about wording, that can easily be
> tweaked.

Here's a first-draft of such a patch that covers printf(3), stdarg(3),
err(3), setproctitle(3), and syslog(3), together with their
on-the-same-manpage friends.

I haven't touched NgSendAsciiMsg(3), and libstand(3) [ for
panic(const char *msg, ...) ], but possibly I should.

Any comments? Anything obvious I've missed?

I'll look at these again with fresh eyes tomorrow, deal with any comments,
and then file a PR, I guess.

-- Mike Bristow, seebitwopie
- text/plain attachment: format-string-vulns-man.patch