diff options
author | chris <chris@FreeBSD.org> | 2002-01-06 21:16:41 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2002-01-06 21:16:41 +0000 |
commit | 37a6f9b2be16e693718342bb84a08b43827d9fab (patch) | |
tree | 9824d4861f319f4df52618ace7d1bfb8f9ba4139 /lib/libc/stdio | |
parent | 938cb766b865d01150650a56d7b2cbb7df3d1d59 (diff) | |
download | FreeBSD-src-37a6f9b2be16e693718342bb84a08b43827d9fab.zip FreeBSD-src-37a6f9b2be16e693718342bb84a08b43827d9fab.tar.gz |
Add new "SECURITY CONSIDERATIONS" sections.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc/stdio')
-rw-r--r-- | lib/libc/stdio/fgets.3 | 14 | ||||
-rw-r--r-- | lib/libc/stdio/printf.3 | 16 | ||||
-rw-r--r-- | lib/libc/stdio/tmpnam.3 | 18 |
3 files changed, 48 insertions, 0 deletions
diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3 index c54865d..9c3ecea3 100644 --- a/lib/libc/stdio/fgets.3 +++ b/lib/libc/stdio/fgets.3 @@ -132,10 +132,24 @@ may also fail and set .Va errno for any of the errors specified for the routine .Xr getchar 3 . +.Sh SECURITY CONSIDERATIONS +The +.Fn gets +function cannot be used securely. +Because of its lack of bounds checking, +the use of this function enables malicious users +to arbitrarily change a running program's functionality through +a buffer overflow attack. +(See +the FSA.) .Sh SEE ALSO .Xr feof 3 , .Xr ferror 3 , .Xr fgetln 3 +.Rs +.%T "The FreeBSD Security Architecture" +.%J "/usr/share/doc/{to be determined}" +.Re .Sh STANDARDS The functions .Fn fgets diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3 index c16c261..6718bf4 100644 --- a/lib/libc/stdio/printf.3 +++ b/lib/libc/stdio/printf.3 @@ -688,10 +688,26 @@ char *newfmt(const char *fmt, ...) return (p); } .Ed +.Sh SECURITY CONSIDERATIONS +The +.Fn sprintf +and +.Fn vsprintf +functions are easily misused in a manner which enables malicious users +to arbitrarily change a running program's functionality through +a buffer overflow attack. +(See +the FSA +and +.Sx EXAMPLES . ) .Sh SEE ALSO .Xr printf 1 , .Xr scanf 3 , .Xr setlocale 3 +.Rs +.%T "The FreeBSD Security Architecture" +.%J "/usr/share/doc/{to be determined}" +.Re .Sh STANDARDS The .Fn fprintf , diff --git a/lib/libc/stdio/tmpnam.3 b/lib/libc/stdio/tmpnam.3 index fa61c3d..3538885 100644 --- a/lib/libc/stdio/tmpnam.3 +++ b/lib/libc/stdio/tmpnam.3 @@ -182,9 +182,27 @@ for any of the errors specified for the library functions .Xr malloc 3 or .Xr mktemp 3 . +.Sh SECURITY CONSIDERATIONS +The +.Fn tmpnam +and +.Fn tempnam +functions are susceptible to a race condition, +which allows malicious users +to potentially overwrite arbitrary files in the system, +depending on the level of privilege of the running program. +It is strongly suggested that +.Xr mkstemp 3 +be used in place of these functions. +(See +the FSA.) .Sh SEE ALSO .Xr mkstemp 3 , .Xr mktemp 3 +.Rs +.%T "The FreeBSD Security Architecture" +.%J "/usr/share/doc/{to be determined}" +.Re .Sh STANDARDS The .Fn tmpfile |