diff options
author | eric <eric@FreeBSD.org> | 2001-05-25 20:42:40 +0000 |
---|---|---|
committer | eric <eric@FreeBSD.org> | 2001-05-25 20:42:40 +0000 |
commit | 851fceab51b8b97544af74fe8f395076099eff89 (patch) | |
tree | 144fe45e743943fd302233c906b124fcab0fb022 /lib/libc/gen/setproctitle.3 | |
parent | ff64d076a6eb3ccc08915d957aa900350c6111c6 (diff) | |
download | FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.zip FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.tar.gz |
Add warnings about trusting user-supplied data.
Reviewed by: ru
Approved by: murray
Obtained from: OpenBSD
Diffstat (limited to 'lib/libc/gen/setproctitle.3')
-rw-r--r-- | lib/libc/gen/setproctitle.3 | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3 index eed8f81..15538d5 100644 --- a/lib/libc/gen/setproctitle.3 +++ b/lib/libc/gen/setproctitle.3 @@ -25,8 +25,7 @@ .Dt SETPROCTITLE 3 .Sh NAME .Nm setproctitle -.Nd set the process title for -.Xr ps 1 +.Nd set process title .Sh SYNOPSIS .Fd #include <sys/types.h> .Fd #include <unistd.h> @@ -99,3 +98,17 @@ stole the idea from the .Sy "Sendmail 8.7.3" source code by .An Eric Allman Aq eric@sendmail.org . +.Sh BUGS +Never pass a string with user-supplied data as a format without using +.Ql %s . +An attacker can put format specifiers in the string to mangle your stack, +leading to a possible security hole. +This holds true even if the string was built using a function like +.Fn snprintf , +as the resulting string may still contain user-supplied conversion specifiers +for later interpolation by +.Fn setproctitle . +.Pp +Always use the proper secure idiom: +.Pp +.Dl setproctitle("%s", string); |