Add warnings about trusting user-supplied data.

Reviewed by: ru Approved by: murray Obtained from: OpenBSD
author: eric <eric@FreeBSD.org> 2001-05-25 20:42:40 +0000
committer: eric <eric@FreeBSD.org> 2001-05-25 20:42:40 +0000
commit: 851fceab51b8b97544af74fe8f395076099eff89 (patch)
tree: 144fe45e743943fd302233c906b124fcab0fb022 /lib/libc/gen/setproctitle.3
parent: ff64d076a6eb3ccc08915d957aa900350c6111c6 (diff)
download: FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.zip
FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.tar.gz
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/libc/gen/setproctitle.3 b/lib/libc/gen/setproctitle.3
index eed8f81..15538d5 100644
--- a/lib/libc/gen/setproctitle.3
+++ b/lib/libc/gen/setproctitle.3
@@ -25,8 +25,7 @@
 .Dt SETPROCTITLE 3
 .Sh NAME
 .Nm setproctitle
-.Nd set the process title for
-.Xr ps 1
+.Nd set process title
 .Sh SYNOPSIS
 .Fd #include <sys/types.h>
 .Fd #include <unistd.h>
@@ -99,3 +98,17 @@ stole the idea from the
 .Sy "Sendmail 8.7.3"
 source code by
 .An Eric Allman Aq eric@sendmail.org .
+.Sh BUGS
+Never pass a string with user-supplied data as a format without using
+.Ql %s .
+An attacker can put format specifiers in the string to mangle your stack, 
+leading to a possible security hole.
+This holds true even if the string was built using a function like
+.Fn snprintf ,
+as the resulting string may still contain user-supplied conversion specifiers
+for later interpolation by
+.Fn setproctitle .
+.Pp
+Always use the proper secure idiom:
+.Pp
+.Dl setproctitle("%s", string);
author	eric <eric@FreeBSD.org>	2001-05-25 20:42:40 +0000
committer	eric <eric@FreeBSD.org>	2001-05-25 20:42:40 +0000
commit	851fceab51b8b97544af74fe8f395076099eff89 (patch)
tree	144fe45e743943fd302233c906b124fcab0fb022 /lib/libc/gen/setproctitle.3
parent	ff64d076a6eb3ccc08915d957aa900350c6111c6 (diff)
download	FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.zip FreeBSD-src-851fceab51b8b97544af74fe8f395076099eff89.tar.gz