author | Paul Janzen <pjanzen@cvs.openbsd.org> | 2001-02-17 17:15:28 +0000 |
---|---|---|
committer | Paul Janzen <pjanzen@cvs.openbsd.org> | 2001-02-17 17:15:28 +0000 |
commit | b08a58848e4fbc1d338e94ddec9704d594e2232a (patch) | |
tree | 166ecbb2ab3ce0bdf1a3c96b4bd759d22b9b3bd1 /lib/libc/gen | |
parent | f9ec141e3fe6cc02c2490be77251e18b80b49a1e (diff) |
It's not that I mind split infinitives. I just like to save'em for when
they're really needed.
Diffstat (limited to 'lib/libc/gen')
-rw-r--r-- | lib/libc/gen/setproctitle.3 | 6 |
-rw-r--r-- | lib/libc/gen/syslog.3 | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3 index 5b6201d79c4..e5f0d24498e 100644 --- a/lib/libc/gen/setproctitle.3 +++ b/lib/libc/gen/setproctitle.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: setproctitle.3,v 1.13 2001/01/26 06:38:23 aaron Exp $ +.\" $OpenBSD: setproctitle.3,v 1.14 2001/02/17 17:15:23 pjanzen Exp $ .\" .\" Copyright (c) 1994, 1995 Christopher G. Demetriou .\" All rights reserved. @@ -74,7 +74,7 @@ The function first appeared in .Nx 0.9a . .Sh CAVEATS -It is important to never pass a string with user-supplied data as a +It is important never to pass a string with user-supplied data as a format without using .Ql %s . An attacker can put format specifiers in the string to mangle your stack, @@ -87,7 +87,7 @@ as the resulting string may still contain user-supplied conversion specifiers for later interpolation by .Fn setproctitle . .Pp -Be sure to always use the proper secure idiom: +Always be sure to use the proper secure idiom: .Bd -literal -offset indent setproctitle("%s", string); .Ed diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3 index 4737782e99c..f922a0fc339 100644 --- a/lib/libc/gen/syslog.3 +++ b/lib/libc/gen/syslog.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syslog.3,v 1.10 2000/12/24 00:30:52 aaron Exp $ +.\" $OpenBSD: syslog.3,v 1.11 2001/02/17 17:15:23 pjanzen Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -264,7 +264,7 @@ These functions appeared in .Bx 4.2 . .Sh CAVEATS -It is important to never pass a string with user-supplied data as a +It is important never to pass a string with user-supplied data as a format without using .Ql %s . An attacker can put format specifiers in the string to mangle your stack, 
@@ -277,7 +277,7 @@ as the resulting string may still contain user-supplied conversion specifiers for later interpolation by .Fn syslog . .Pp -Be sure to always use the proper secure idiom: +Always be sure to use the proper secure idiom: .Bd -literal -offset indent syslog("%s", string); .Ed |
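Review bot: in the syslog.3 hunk at -277,7, the literal example kept as context, `syslog("%s", string);`, omits the priority argument that syslog() takes before the format, so a reader who copies the "proper secure idiom" verbatim passes the format string in the priority position. Since this hunk already edits the sentence that introduces the example, correct the example in the same commit, for instance `syslog(LOG_INFO, "%s", string);` with whatever priority suits the page. The setproctitle.3 example is unaffected because the format is its first argument.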
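Review bot: in the setproctitle.3 hunk at -87,7, "Always be sure to use the proper secure idiom:" moves the adverb out of the infinitive but keeps the padding around the instruction. "Always use the proper secure idiom:" is a plain imperative, which suits a CAVEATS section warning about attacker-controlled format strings, and it avoids the infinitive altogether. The identical line in the syslog.3 hunk at -277,7 should take the same wording so the two pages stay in step.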