Linux Today: Linux News On Internet Time.

SecurityFocus: Format String Attacks

Sep 17, 2000, 14:19
(Other stories by Tim Newsham)

"The cause and implications of format string vulnerabilities are discussed. Practical examples are given to illustrate the principles presented."

"Format string bugs come from the same dark corner as many other security holes: The laziness of programmers. Somewhere out there right now, as this document is being read, there is a programmer writing code. His task: to print out a string or copy it to some buffer. What he means to write is something like:

    printf("%s", str);

but instead he decides that he can save time, effort and 6 bytes of source code by typing:


Why not? Why bother with the extra printf argument and the time it takes to parse through that silly format? The first argument to printf is a string to be printed anyway! Because the programmer has just unknowingly opened a security hole that allows an attacker to control the execution of the program, that's why!"
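The difference the excerpt describes, as an added example that is not taken from Newsham's paper: the same untrusted text is rendered once as the format argument and once as data behind a fixed `"%s"` format. The function names and the sample string are hypothetical, and the sample uses only the `%%` directive, which consumes no argument, so the vulnerable call stays well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: untrusted text containing the directive "%%". */
static const char SAMPLE[] = "disk usage 100%% (reported by client)";

/* GCC and Clang flag the call below under -Wformat-security; the warning is
   silenced here only so the deliberately vulnerable version builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Vulnerable: the untrusted text IS the format string, so the printf
   family parses and acts on every '%' directive it contains. */
int render_unsafe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* Hardened: the format is a constant; untrusted text is only ever data. */
int render_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Returns 1 when the unsafe call changed the text, i.e. the input was
   parsed as a format rather than copied. Only call this with inputs whose
   directives take no arguments (such as "%%"). */
int was_interpreted(const char *untrusted)
{
    char a[128], b[128];
    render_unsafe(a, sizeof a, untrusted);
    render_safe(b, sizeof b, untrusted);
    return strcmp(a, b) != 0;
}

int main(void)
{
    char buf[128];
    render_unsafe(buf, sizeof buf, SAMPLE);
    printf("unsafe: %s\n", buf);   /* "%%" collapsed to "%" */
    render_safe(buf, sizeof buf, SAMPLE);
    printf("safe:   %s\n", buf);   /* text reproduced byte for byte */
    return 0;
}
```

Building real code with `-Wformat -Wformat-security` (without the pragmas) reports the non-literal format call at compile time.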
