Include information on the dangers of passing a user-supplied string as

a format string.  This will later on be changed to a reference to the
FreeBSD Security Architecture after it has been committed.

PR:		docs/39320
Sposnored by:	DARPA, NAI Labs

1 files changed, 21 insertions, 0 deletions

diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index c46284e..3f5f8b4 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -700,6 +700,27 @@ a buffer overflow attack.
 the FSA
 and
 .Sx EXAMPLES . )
+.Pp
+.\" XXX - rewrite after FSA
+The
+.Fn printf
+and
+.Fn vprintf
+functions are also easily misused in a manner allowing malicious users
+to arbitrarily change a running program's functionality by either
+causing the program to print potentially sensitive data
+.Dq "left on the stack,"
+or causing it to generate a memory fault or bus error
+by dereferencing an invalid pointer.
+.Pp
+Never, under any circumstances pass a string obtained from the network,
+a file, or any user as a format string to a
+.Fn printf
+or
+.Fn sprintf
+function.
+.Xc
+.Ec
 .Sh SEE ALSO
 .Xr printf 1 ,
 .Xr scanf 3 ,