* Outdated scare text in snprintf man page
@ 2014-06-29 3:45 Rich Felker
[not found] ` <20140629034549.GX179-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: Rich Felker @ 2014-06-29 3:45 UTC (permalink / raw)
To: Michael Kerrisk (man-pages)
Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
The following text appears under BUGS in the snprintf man page:
Linux libc4.[45] does not have a snprintf(), but provides a
libbsd that contains an snprintf() equivalent to sprintf(),
that is, one that ignores the size argument. Thus, the use of
snprintf() with early libc4 leads to serious security problems.
I've had people cite this as a reason to be wary of using snprintf,
apparently unaware of what libc4 means. IMO it should just be removed;
it's way too old to be relevant.
Rich
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 2+ messages in thread[parent not found: <20140629034549.GX179-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>]
* Re: Outdated scare text in snprintf man page [not found] ` <20140629034549.GX179-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org> @ 2014-06-29 6:29 ` Michael Kerrisk (man-pages) 0 siblings, 0 replies; 2+ messages in thread From: Michael Kerrisk (man-pages) @ 2014-06-29 6:29 UTC (permalink / raw) To: Rich Felker Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w, linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Hi Rich, On 06/29/2014 05:45 AM, Rich Felker wrote: > The following text appears under BUGS in the snprintf man page: > > Linux libc4.[45] does not have a snprintf(), but provides a > libbsd that contains an snprintf() equivalent to sprintf(), > that is, one that ignores the size argument. Thus, the use of > snprintf() with early libc4 leads to serious security problems. > > I've had people cite this as a reason to be wary of using snprintf, > apparently unaware of what libc4 means. IMO it should just be removed; > it's way too old to be relevant. Thanks reporting this. Yes, I agree. I removed this text, and indeed all of the other libc4 and lib5 pieces in the page. Linux libc is ancient history, and those pieces of text are more clutter than help. Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/ -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-06-29 6:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-29 3:45 Outdated scare text in snprintf man page Rich Felker
[not found] ` <20140629034549.GX179-C3MtFaGISjmo6RMmaWD+6Sb1p8zYI1N1@public.gmane.org>
2014-06-29 6:29 ` Michael Kerrisk (man-pages)
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.