[15701] in bugtraq
Re: ftpd and setproctitle()
daemon@ATHENA.MIT.EDU (Bernd Luevelsmeyer)
Mon Jul 10 03:05:54 2000
Message-Id: <39665EB5.CBD86561@heitec.net>
Date: Sat, 8 Jul 2000 00:50:29 +0200
Reply-To: Bernd Luevelsmeyer <bernd.luevelsmeyer@HEITEC.NET>
From: Bernd Luevelsmeyer <bernd.luevelsmeyer@HEITEC.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

D. J. Bernstein wrote:
[...]
> The solution is to eliminate the interface. Design a new interface that
> doesn't encourage bugs. Then make sure that everyone switches to the new
> interface. Advertise the new interface. Make the old interface more and
> more difficult to use. Move gets() to /usr/lib/libbugpronestandards.a.
[...]
For this class of bugs, shouldn't it be possible to modify the compiler
so it will flag any occurrence of a non-constant format string in
printf()-like functions? I mean, an optional warning if the compiler
can't determine the format string's contents at compile time.
GCC has -Wformat already, which might be upgradeable; and there's
__attribute__((format)) to mark printf-like functions.
Even if user-written functions are not marked with the __attribute__,
calls to functions in the compiler's library could at least be checked.
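
Added example, not part of the original message: a user-written printf-like function marked with __attribute__((format)) so that GCC checks its call sites, with a non-constant format call next to the constant-format form. The names title_set, set_title_unsafe, set_title_safe and the SHOW_WARNING macro are hypothetical; -Wformat-security is an option of current GCC releases, not something the message mentions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical setproctitle()-style wrapper. The attribute tells GCC that
 * argument 3 is a printf format string and the variadic arguments start at
 * argument 4, so -Wformat checks each call as it would for printf(). */
static int title_set(char *dst, size_t len, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int title_set(char *dst, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dst, len, fmt, ap);   /* bounded write into dst */
    va_end(ap);
    return n;
}

#ifdef SHOW_WARNING
/* Non-constant format string: the pattern the message wants flagged.
 * Build with: gcc -DSHOW_WARNING -Wformat -Wformat-security file.c
 * to see the compiler diagnose this call. */
static int set_title_unsafe(char *dst, size_t len, const char *user)
{
    return title_set(dst, len, user);
}
#endif

/* Constant format string; untrusted text is passed only as data. */
static int set_title_safe(char *dst, size_t len, const char *user)
{
    return title_set(dst, len, "%s", user);
}

int main(void)
{
    char buf[64];
    const char *user = "anonymous %x %n";   /* constructed sample input */

    set_title_safe(buf, sizeof buf, user);
    puts(buf);                              /* directives are copied as text */
    return 0;
}
```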