| author | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-07-07 00:13:57 +0000 |
|---|---|---|
| committer | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-07-07 00:13:57 +0000 |
| commit | c804d479e765ebdf814cd5a969ca8b2c6e370dbe | |
| tree | 4212ef49aedd13d2c705a5405844378f7724c26f /lib/libc/gen | |
| parent | 3758a8f1045c7c60247fe3f95010de9febd75f93 | |
Add a CAVEATS section explaining that you should never pass a user-supplied
format string directly without %s.
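The idiom the commit message describes, as an added C example that is not part of OpenBSD's tree or of this commit. It uses snprintf(3) in place of setproctitle(3), since both take a printf-style format and snprintf exists on every platform, and adds a hypothetical scan_format() helper that parses a string the way printf would, returning how many arguments it would consume and whether it contains a %n write conversion. The function names and the sample strings are assumptions; the helper is an audit aid for spotting user text that must never reach the format argument, not a sanitiser that makes such a call safe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result of scanning a string as if it were a printf(3) format. */
struct fmt_scan {
    int  args;    /* arguments a printf-family call would pull off the stack */
    bool writes;  /* contains %n: a write to memory, not just a read */
};

/*
 * scan_format (hypothetical helper): walk s as printf would, honouring %%,
 * flags, width and precision (including '*', which consumes an int), and
 * length modifiers.  Every conversion that remains is one argument the
 * callee will fetch although the caller passed none.
 */
struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = { 0, false };

    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')            /* "%%" is a literal percent sign */
            continue;
        if (*p == '\0')           /* trailing lone '%' */
            break;
        while (*p && strchr("-+ #0'", *p))          /* flags */
            p++;
        if (*p == '*') {                            /* width from an argument */
            r.args++;
            p++;
        } else {
            while (*p >= '0' && *p <= '9')
                p++;
        }
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') {
                r.args++;
                p++;
            } else {
                while (*p >= '0' && *p <= '9')
                    p++;
            }
        }
        while (*p && strchr("hlLqjzt", *p))         /* length modifiers */
            p++;
        if (*p == '\0')
            break;
        if (*p == 'n')
            r.writes = true;
        r.args++;                                   /* the conversion itself */
    }
    return r;
}

/*
 * safe_title: the idiom from the manual page.  The user string is an
 * argument to a fixed "%s" format, so any '%' it contains is copied
 * literally and never interpreted.  Returns the length of the copied text.
 */
size_t safe_title(char *out, size_t outlen, const char *user)
{
    snprintf(out, outlen, "%s", user);
    return strlen(out);
}

int main(void)
{
    /* Constructed attacker-style input: two stack reads and one write. */
    const char *hostile = "%08x.%08x.%n";
    struct fmt_scan r = scan_format(hostile);
    char title[64];

    printf("\"%s\" as a format would consume %d argument(s)%s\n",
           hostile, r.args, r.writes ? " and write memory via %n" : "");
    safe_title(title, sizeof title, hostile);
    printf("as a \"%%s\" argument it is just text: %s\n", title);
    return 0;
}
```

Compile with -Wformat-security to have the compiler flag the unsafe form, which is the one this manual page change warns against; scan_format() covers the cases the compiler cannot, namely strings that arrive at run time.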
Diffstat (limited to 'lib/libc/gen')
-rw-r--r-- | lib/libc/gen/setproctitle.3 | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3 index 37653d5e3cd..a8eabe1a12e 100644 --- a/lib/libc/gen/setproctitle.3 +++ b/lib/libc/gen/setproctitle.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: setproctitle.3,v 1.8 1999/07/09 13:35:18 aaron Exp $ +.\" $OpenBSD: setproctitle.3,v 1.9 2000/07/07 00:13:56 aaron Exp $ .\" .\" Copyright (c) 1994, 1995 Christopher G. Demetriou .\" All rights reserved. @@ -73,3 +73,11 @@ The .Fn setproctitle function first appeared in .Nx 0.9a . +.Sh CAVEATS +Never pass a user-supplied string directly as a format without using %s, +as an attacker can put format specifiers in that string to mangle your +stack. +Be sure to use the proper secure idiom: +.Bd -literal -offset indent +setproctitle("%s", string); +.Ed |
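Review bot: in the new CAVEATS hunk, "mangle your stack" understates what a user-controlled format argument gives an attacker; %x and %s conversions read stack and arbitrary memory contents (information disclosure), and %n writes to memory, so the outcome is a read and write primitive, not just a corrupted stack. Suggest wording along the lines of "as an attacker can embed conversion specifiers that read memory or, with %n, write to it", and noting that the same rule applies to every printf-family function, not only setproctitle. As a style point, mdoc text in this file refers to the function as ".Fn setproctitle" and the CAVEATS prose should do the same rather than speaking of "a format" unqualified; "as the format argument" would also make the sentence precise.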