SecurityFocus: Format String Attacks
Sep 17, 2000, 14:19
(Other stories by Tim Newsham)
"The cause and implications of format string vulnerabilities are discussed. Practical examples are given to illustrate the principles presented."
"Format string bugs come from the same dark corner as many other security holes: The laziness of programmers. Somewhere out there right now, as this document is being read, there is a programmer writing code. His task: to print out a string or copy it to some buffer. What he means to write is something like:
but instead he decides that he can save time, effort and 6 bytes of source code by typing:
Why not? Why bother with the extra