author: Aaron Campbell <aaron@cvs.openbsd.org> 2000-07-07 00:13:57 +0000
committer: Aaron Campbell <aaron@cvs.openbsd.org> 2000-07-07 00:13:57 +0000
commit: c804d479e765ebdf814cd5a969ca8b2c6e370dbe (patch)
tree: 4212ef49aedd13d2c705a5405844378f7724c26f /lib/libc/gen
parent: 3758a8f1045c7c60247fe3f95010de9febd75f93 (diff)
Add a CAVEATS section explaining that you should never pass a user-supplied
format string directly without %s.
Diffstat (limited to 'lib/libc/gen')
-rw-r--r-- lib/libc/gen/setproctitle.3 | 10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3
index 37653d5e3cd..a8eabe1a12e 100644
--- a/lib/libc/gen/setproctitle.3
+++ b/lib/libc/gen/setproctitle.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: setproctitle.3,v 1.8 1999/07/09 13:35:18 aaron Exp $
+.\" $OpenBSD: setproctitle.3,v 1.9 2000/07/07 00:13:56 aaron Exp $
.\"
.\" Copyright (c) 1994, 1995 Christopher G. Demetriou
.\" All rights reserved.
@@ -73,3 +73,11 @@ The
.Fn setproctitle
function first appeared in
.Nx 0.9a .
+.Sh CAVEATS
+Never pass a user-supplied string directly as a format without using %s,
+as an attacker can put format specifiers in that string to mangle your
+stack.
+Be sure to use the proper secure idiom:
+.Bd -literal -offset indent
+setproctitle("%s", string);
+.Ed
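Review bot: "mangle your stack" in the new CAVEATS text understates the problem and is the one line worth tightening before commit. A format string taken from the user is not limited to corrupting the stack: %x and %s conversions let the attacker read stack contents and memory pointed to by them, and %n writes a count to an address the attacker can place in the same string, which is what turns this into arbitrary code execution. Suggest something like: "as an attacker can put format specifiers in that string to read or write arbitrary memory." It would also help to say that the same rule applies to every printf-style function (syslog, err, warn, printf itself), since the idiom shown, setproctitle("%s", string), is the general fix. Minor mdoc style point: the inline %s in the first sentence reads better as a literal (.Ql %s) so it is set in the same face as the example in the .Bd -literal block.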