From 37a6f9b2be16e693718342bb84a08b43827d9fab Mon Sep 17 00:00:00 2001
From: chris <chris@FreeBSD.org>
Date: Sun, 6 Jan 2002 21:16:41 +0000
Subject: Add new "SECURITY CONSIDERATIONS" sections.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 lib/libc/stdio/fgets.3  | 14 ++++++++++++++
 lib/libc/stdio/printf.3 | 16 ++++++++++++++++
 lib/libc/stdio/tmpnam.3 | 18 ++++++++++++++++++
 3 files changed, 48 insertions(+)

(limited to 'lib')

diff --git a/lib/libc/stdio/fgets.3 b/lib/libc/stdio/fgets.3
index c54865d..9c3ecea3 100644
--- a/lib/libc/stdio/fgets.3
+++ b/lib/libc/stdio/fgets.3
@@ -132,10 +132,24 @@ may also fail and set
 .Va errno
 for any of the errors specified for the routine
 .Xr getchar 3 .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn gets
+function cannot be used securely.
+Because of its lack of bounds checking,
+the use of this function enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+(See
+the FSA.)
 .Sh SEE ALSO
 .Xr feof 3 ,
 .Xr ferror 3 ,
 .Xr fgetln 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
 .Sh STANDARDS
 The functions
 .Fn fgets
diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index c16c261..6718bf4 100644
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -688,10 +688,26 @@ char *newfmt(const char *fmt, ...)
 		return (p);
 }
 .Ed
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn sprintf
+and
+.Fn vsprintf
+functions are easily misused in a manner which enables malicious users
+to arbitrarily change a running program's functionality through
+a buffer overflow attack.
+(See
+the FSA
+and
+.Sx EXAMPLES . )
 .Sh SEE ALSO
 .Xr printf 1 ,
 .Xr scanf 3 ,
 .Xr setlocale 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
 .Sh STANDARDS
 The
 .Fn fprintf ,
diff --git a/lib/libc/stdio/tmpnam.3 b/lib/libc/stdio/tmpnam.3
index fa61c3d..3538885 100644
--- a/lib/libc/stdio/tmpnam.3
+++ b/lib/libc/stdio/tmpnam.3
@@ -182,9 +182,27 @@ for any of the errors specified for the library functions
 .Xr malloc 3
 or
 .Xr mktemp 3 .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn tmpnam
+and
+.Fn tempnam
+functions are susceptible to a race condition,
+which allows malicious users
+to potentially overwrite arbitrary files in the system,
+depending on the level of privilege of the running program.
+It is strongly suggested that
+.Xr mkstemp 3
+be used in place of these functions.
+(See
+the FSA.)
 .Sh SEE ALSO
 .Xr mkstemp 3 ,
 .Xr mktemp 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be determined}"
+.Re
 .Sh STANDARDS
 The
 .Fn tmpfile
-- 
cgit v1.1