On Fri, Dec 16 2022, Vincent Lefevre wrote:
> On 2022-12-15 18:56:15 -0700, Theo de Raadt wrote:
>> There are almost no %n left in the software ecosystem. If we are able
>> to make this crossing, everyone else is also capable, and eventually
>> will. Just like with gets().
>
> FYI, this breaks
That could almost be an entry for calendars.openbsd
Dec 16 Vincent Lefevre arrives and tries to educate the OpenBSD developers
about format string vulnerabilities, which they have been fixing
since 1996
Vincent Lefevre wrote:
> On 2022-12-16 09:03:39 -0700, Theo de
On 2022-12-16 09:03:39 -0700, Theo de Raadt wrote:
> Vincent Lefevre wrote:
>
> > BTW, if developers use an untrusted format string, then sprintf()
> > is unsafe too (possible buffer overflow), and at some point,
> > printf() too.
>
> what are you trying to say?
According to
Vincent Lefevre wrote:
> BTW, if developers use an untrusted format string, then sprintf()
> is unsafe too (possible buffer overflow), and at some point,
> printf() too.
what are you trying to say?
are you trying to say everyone including you should review and audit and
re-audit all of them?
Well they need to respond, or openbsd ports needs a diff.
Vincent Lefevre wrote:
> On 2022-12-15 18:56:15 -0700, Theo de Raadt wrote:
> > There are almost no %n left in the software ecosystem. If we are able
> > to make this crossing, everyone else is also capable, and eventually
> > will.
On 22-12-16 02:21AM, Tim Chase wrote:
> According to the POSIX definitions for mail(1) & mailx(1), the
> (s)ave command should save to "mbox" if the filename is not specified
>
> ...
>
> However, when exercising this functionality, mail(1) on OpenBSD
> (also tested on FreeBSD where the same issue
On 2022/12/16 10:50, Vincent Lefevre wrote:
> On 2022-12-15 18:56:15 -0700, Theo de Raadt wrote:
> > There are almost no %n left in the software ecosystem. If we are able
> > to make this crossing, everyone else is also capable, and eventually
> > will. Just like with gets().
>
> FYI, this
On 2022-12-15 18:56:15 -0700, Theo de Raadt wrote:
> There are almost no %n left in the software ecosystem. If we are able
> to make this crossing, everyone else is also capable, and eventually
> will. Just like with gets().
FYI, this breaks GMP, whose configure script insists on %n being