| author | Eric Melville <eric@FreeBSD.org> | 2001-05-25 20:42:40 +0000 |
|---|---|---|
| committer | Eric Melville <eric@FreeBSD.org> | 2001-05-25 20:42:40 +0000 |
| commit | 2de21960267bf0a1c33d2a13c07402ee757d8161 (patch) | |
| tree | ed53d069b8e91b894b84f7de41a356db6acd77b0 /lib/libc/gen/syslog.3 | |
| parent | fe95b4649122be8b7d5f666f52c96df8cdf94f87 (diff) | |
| download | src-2de21960267bf0a1c33d2a13c07402ee757d8161.tar.gz src-2de21960267bf0a1c33d2a13c07402ee757d8161.zip | |
Add warnings about trusting user-supplied data.
Reviewed by: ru
Approved by: murray
Obtained from: OpenBSD
Notes:
svn path=/head/; revision=77200
Diffstat (limited to 'lib/libc/gen/syslog.3')
-rw-r--r-- | lib/libc/gen/syslog.3 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3 index a2763234f4fb..7513d6018191 100644 --- a/lib/libc/gen/syslog.3 +++ b/lib/libc/gen/syslog.3 @@ -280,3 +280,17 @@ syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m"); These functions appeared in .Bx 4.2 . +.Sh BUGS +Never pass a string with user-supplied data as a format without using +.Ql %s . +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if the string was built using a function like +.Fn snprintf , +as the resulting string may still contain user-supplied conversion specifiers +for later interpolation by +.Fn syslog . +.Pp +Always use the proper secure idiom: +.Pp +.Dl syslog("%s", string); |
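Review bot: the recommended idiom at the end of the hunk, `.Dl syslog("%s", string);`, omits the priority argument, so it does not match the call shape used by the page's own example earlier in the same hunk context (`syslog(LOG_INFO|LOG_LOCAL2, "foobar error: %m");`) and would not compile as written. Suggest `.Dl syslog(LOG_INFO, "%s", string);` (or whatever priority fits) so the "proper secure idiom" is something a reader can copy verbatim. It would also help to state in the same sentence that the `%s` argument is the only place user data should appear, since the preceding text about strings built with `.Fn snprintf` is the case readers most often get wrong.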