Hi Branden,

G. Branden Robinson wrote on Thu, Feb 05, 2026 at 12:34:16AM -0600:

> Can you name a security problem arising from groff's use of a standard C
> library facility that OpenBSD's libc implementation would prevent or
> mitigate, but which gnulib replaces and thereby re-exposes?

I already named an example, maybe it was overlooked among the
significant number of mails:

 * Support for printf(3) %n was removed from OpenBSD libc for security
   reasons.

 * GNUlib printf(3) supports %n.

 * One of the reasons why the groff build system replaces native OpenBSD
   printf(3) - and many other functions - by GNUlib printf(3) is that
   GNUlib printf(3) supports %n.

As far as I know, groff does not (intentionally) use %n. That makes the
choice to insist on having it quite strange.

On the other hand, "we don't use it, so having it available in the
implementation poses no risk" is a weak argument. Defense in depth means
that you get the best level of security when you do *both*: *neither*
use the dangerous feature *nor* provide it in the implementation -
because that means not even a bug can trigger its accidental use.

Yours,
  Ingo
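The defense-in-depth point above has a practical counterpart on the "don't use it" side: an audit that checks format strings for the %n directive. The following is an added example, written for this thread and not code from groff, gnulib, OpenBSD libc or Ingo's mail. It walks a printf(3)-style format string according to the POSIX conversion-specification grammar (positional "m$" arguments, flags, width, precision, length modifiers) so that "%%" is not mistaken for a directive and forms like "%-10.3ln" or "%2$n" are still recognised as %n. The function name and the sample format strings in main() are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Advance past a run of decimal digits. */
static const char *skip_digits(const char *p)
{
    while (*p >= '0' && *p <= '9')
        p++;
    return p;
}

/* Count the %n conversions in a printf(3)-style format string.
 * Hypothetical helper for auditing format strings; it parses
 * "%[m$][flags][width][.precision][length]conv" and treats "%%"
 * as a literal percent sign. A truncated trailing "%" is ignored. */
size_t count_percent_n(const char *fmt)
{
    size_t hits = 0;
    const char *p = fmt;
    const char *q;

    while ((p = strchr(p, '%')) != NULL) {
        p++;                                   /* step past '%' */
        if (*p == '%') {                       /* "%%" -> literal '%' */
            p++;
            continue;
        }

        /* optional positional argument: digits followed by '$' */
        q = skip_digits(p);
        if (q != p && *q == '$')
            p = q + 1;

        /* flags */
        while (*p != '\0' && strchr("-+ #0'", *p) != NULL)
            p++;

        /* field width: digits, or '*' optionally followed by "m$" */
        if (*p == '*') {
            p++;
            q = skip_digits(p);
            if (q != p && *q == '$')
                p = q + 1;
        } else {
            p = skip_digits(p);
        }

        /* precision: '.' then digits, or '*' optionally followed by "m$" */
        if (*p == '.') {
            p++;
            if (*p == '*') {
                p++;
                q = skip_digits(p);
                if (q != p && *q == '$')
                    p = q + 1;
            } else {
                p = skip_digits(p);
            }
        }

        /* length modifiers: hh h l ll q j z t L */
        while (*p != '\0' && strchr("hlqjztL", *p) != NULL)
            p++;

        if (*p == '\0')                        /* truncated directive */
            break;
        if (*p == 'n')
            hits++;
        p++;                                   /* past conversion char */
    }
    return hits;
}

int main(void)
{
    /* Constructed sample format strings, as an auditor might pull
     * them out of a source tree. */
    const char *samples[] = {
        "file %s, line %d\n",
        "progress: 100%%\n",
        "%-10.3ln",
        "%2$n and %1$s",
        "%hhn%lln",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu %%n directive(s): \"%s\"\n",
               count_percent_n(samples[i]), samples[i]);
    return 0;
}
```

A string literal scanner like this only covers formats that are visible in the source; it does not replace the libc-level refusal that Ingo describes, which also covers format strings that reach printf(3) at run time.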
