summaryrefslogtreecommitdiffstats
path: root/lib/libc/stdio
diff options
context:
space:
mode:
authorchris <chris@FreeBSD.org>2002-01-06 21:16:41 +0000
committerchris <chris@FreeBSD.org>2002-01-06 21:16:41 +0000
commit37a6f9b2be16e693718342bb84a08b43827d9fab (patch)
tree9824d4861f319f4df52618ace7d1bfb8f9ba4139 /lib/libc/stdio
parent938cb766b865d01150650a56d7b2cbb7df3d1d59 (diff)
downloadFreeBSD-src-37a6f9b2be16e693718342bb84a08b43827d9fab.zip
FreeBSD-src-37a6f9b2be16e693718342bb84a08b43827d9fab.tar.gz
Add new "SECURITY CONSIDERATIONS" sections.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc/stdio')
-rw-r--r--lib/libc/stdio/fgets.314
-rw-r--r--lib/libc/stdio/printf.316
-rw-r--r--lib/libc/stdio/tmpnam.318
3 files changed, 48 insertions, 0 deletions
diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3
index c54865d..9c3ecea3 100644
--- a/lib/libc/stdio/fgets.3
+++ b/lib/libc/stdio/fgets.3
@@ -132,10 +132,24 @@ may also fail and set
.Va errno
for any of the errors specified for the routine
.Xr getchar 3 .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn gets
+function cannot be used securely.
+Because of its lack of bounds checking,
+the use of this function enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+(See
+the FSA.)
.Sh SEE ALSO
.Xr feof 3 ,
.Xr ferror 3 ,
.Xr fgetln 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
.Sh STANDARDS
The functions
.Fn fgets
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index c16c261..6718bf4 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -688,10 +688,26 @@ char *newfmt(const char *fmt, ...)
return (p);
}
.Ed
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn sprintf
+and
+.Fn vsprintf
+functions are easily misused in a manner which enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+(See
+the FSA
+and
+.Sx EXAMPLES . )
.Sh SEE ALSO
.Xr printf 1 ,
.Xr scanf 3 ,
.Xr setlocale 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
.Sh STANDARDS
The
.Fn fprintf ,
diff --git a/lib/libc/stdio/tmpnam.3 b/lib/libc/stdio/tmpnam.3
index fa61c3d..3538885 100644
--- a/lib/libc/stdio/tmpnam.3
+++ b/lib/libc/stdio/tmpnam.3
@@ -182,9 +182,27 @@ for any of the errors specified for the library functions
.Xr malloc 3
or
.Xr mktemp 3 .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn tmpnam
+and
+.Fn tempnam
+functions are susceptible to a race condition,
+which allows malicious users
+to potentially overwrite arbitrary files in the system,
+depending on the level of privilege of the running program.
+It is strongly suggested that
+.Xr mkstemp 3
+be used in place of these functions.
+(See
+the FSA.)
.Sh SEE ALSO
.Xr mkstemp 3 ,
.Xr mktemp 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
.Sh STANDARDS
The
.Fn tmpfile
OpenPOWER on IntegriCloud