[Bug 15223] New: Mention security in the manpages for strcat, scanf, and getopt - bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r

All of lore.kernel.org
 help / color / mirror / Atom feed

From: bugzilla-daemon-590EEB7GvNiWaY/ihj7yzEB+6BGkLq7r@public.gmane.org
To: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [Bug 15223] New: Mention security in the manpages for strcat, scanf, and getopt
Date: Thu, 4 Feb 2010 09:51:31 GMT	[thread overview]
Message-ID: <bug-15223-11311@http.bugzilla.kernel.org/> (raw)

http://bugzilla.kernel.org/show_bug.cgi?id=15223

           Summary: Mention security in the manpages for strcat, scanf,
                    and getopt
           Product: Documentation
           Version: unspecified
    Kernel Version: Linux man-pages 3.23
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: man-pages
        AssignedTo: documentation_man-pages-ztI5WcYan/vQLgFONoPN62D2FQJk+8+b@public.gmane.org
        ReportedBy: jasonspiro4-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
        Regression: No


Thanks for all the hard work you put in on maintaining kernel documentation.

The manpages for strcat[1], scanf[2], and getopt[3] don't mention the fact that
using those functions can lead to buffer overflow security exploits.  The
Secure Programming HOWTO section about C/C++[4] explains how to avoid such
exploits when using these functions.

Please add a "BUGS" or "SECURITY" section to those functions' manpages, which
talks about security.

^  [1].  http://www.kernel.org/doc/man-pages/online/pages/man3/strcat.3.html
^  [2].  http://www.kernel.org/doc/man-pages/online/pages/man3/scanf.3.html
^  [3].  http://www.kernel.org/doc/man-pages/online/pages/man3/getopt.3.html
^  [4]. 
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/dangers-c.html

-- 
Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

                 reply	other threads:[~2010-02-04  9:51 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-15223-11311@http.bugzilla.kernel.org/ \
    --to=bugzilla-daemon-590eeb7gvniway/ihj7yzeb+6bgklq7r@public.gmane.org \
    --cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.