Bugtraq mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Mon, 24 Jul 2000 21:55:26 -0700
mixter () 2XS CO IL writes:
The problem is that the functions using format strings should be secure by default, but they awfully fail to be. That IS an issue at the conceptual level, because the standards themselves allow something that can very easily open security holes. It is a bad idea to have any format functions accept format strings that aren't hard coded at compile time. All these functions need to have one format argument at one location, which definitely needs to be a hard-coded string, (using and enforcing const). Per definition, it is arguably possible to supply variable format strings in a program, but it is rarely practically used, and it shouldn't be practically used. At least, when supplying any format function a non-constant format argument, the compiler should spit out a big warning, and it should do that by default without warnings enabled.
Others have already mentioned the internationalization coding style that would make that a bad idea. On the other hand, I do think that useful compiler warnings could be added for these types of things. It'd be nice to have a warning that'd complain about calling "known printf-like" varargs functions (including setproctitle() et al.) with a single non-constant parameter. You would _not_ want it on by default, because of (innocent) code like: if (flag = 1) color = "red"; else color = "green"; printf(color); /* ideally should be fputs(color, stdout), but... */ Such a warning should be part of gcc -Wall's repertoire, though. Can someone suggest this to the gcc developers? (Unfortunately I don't have time at the moment to look up the preferred method of submitting such a suggestion.) ---------------------------------------------------------------------- Dan Harkless | To prevent SPAM contamination, please dan-bugtraq () dilvish speed net | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
Current thread:
- Jakarta-tomcat.../admin, (continued)
- Jakarta-tomcat.../admin Scott Morris (Jul 21)
- StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 21)
- [RHSA-2000:044-02] Updated PAM packages are available. bugzilla () REDHAT COM (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 21)
- Roxen security alert: Problems with URLs containing null characters. Peter Bortas (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. mixter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Linus Akesson (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dan Harkless (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Valentin Nechayev (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dick St.Peters (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Hannah Schröter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Stephen J. Friedl (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Casper Dik (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. stanislav shalunov (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Daniel Jacobowitz (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 22)
- Re: StackGuard with ... Re: [Paper] Format bugs. Keith Owens (Jul 24)