[15934] in bugtraq
Re: StackGuard with ... Re: [Paper] Format bugs.
daemon@ATHENA.MIT.EDU (Daniel Jacobowitz)
Mon Jul 24 15:50:31 2000
Mail-Followup-To: Daniel Jacobowitz <drow@false.org>,
Brett Glass <brett@LARIAT.ORG>, BUGTRAQ@SECURITYFOCUS.COM
Message-Id: <20000722171033.A23444@drow.them.org>
Date: Sat, 22 Jul 2000 17:10:33 -0700
Reply-To: Daniel Jacobowitz <drow@FALSE.ORG>
From: Daniel Jacobowitz <drow@FALSE.ORG>
X-To: Brett Glass <brett@LARIAT.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.3.2.7.2.20000721224040.04b04b90@localhost>; from
brett@LARIAT.ORG on Fri, Jul 21, 2000 at 10:48:57PM -0600
On Fri, Jul 21, 2000 at 10:48:57PM -0600, Brett Glass wrote:
> 2) The C language itself has no way of specifying a MINIMUM number of
> arguments for a function call. Had the compiler noted that setproctitle()
> and similar functions need at least two arguments, the mistakes would
> have been caught from the get-go.
>
> The latter problem can be solved by insisting upon the use of macros
> that mandate a minimum number of arguments and produce a warning
> or error message otherwise.
But setproctitle() does not have a minimum of two arguments. Witness:

    setproctitle("Pointless static message.");

The issue deals more with non-constant format strings.

Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
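
The point made in the reply above, as an added example that is not part of the original message: the number of arguments a printf-style call reads is fixed by the contents of its format string, so a fixed minimum cannot be checked, while a constant format can. `title_set`, `format_arg_count` and `title_set_untrusted` are hypothetical names (`title_set` stands in for setproctitle()), and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char title[128];            /* stand-in for the process title */

/* Hypothetical stand-in for setproctitle(). The format attribute lets
 * GCC/Clang check literal formats and, with -Wformat-security, warn when
 * the format is not a literal and no arguments follow. */
__attribute__((format(printf, 1, 2)))
static void title_set(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(title, sizeof title, fmt, ap);
    va_end(ap);
}

/* Number of arguments a printf-style format consumes: "%%" takes none,
 * each '*' width or precision takes one extra int. */
static int format_arg_count(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || *++p == '%')
            continue;
        for (; *p && strchr("-+ #0123456789.*hlqjzLt", *p); p++)
            n += (*p == '*');
        if (!*p)
            break;
        n++;
    }
    return n;
}

/* Untrusted text goes in as an argument to a constant format. */
static const char *title_set_untrusted(const char *text)
{
    title_set("%s", text);
    return title;
}

int main(void)
{
    const char *input = "guest %x %x";      /* constructed sample input */
    printf("as a format it would read %d missing args\n", format_arg_count(input));
    printf("as data: %s\n", title_set_untrusted(input));
    return 0;
}
```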