Security Portal: Format Strings - An Interview with Chris Evans | Linux Today

Security Portal: Format Strings – An Interview with Chris Evans

Written By
Web Webster
Web Webster
Oct 11, 2000

It appears to me that these format strings have been
present a very long time. A CERT advisory mentioned them being in
WuFTPD since 1993. Do you think attackers have known about them and
been using them?
(This certainly would be a convenient
explanation for many mysterious unsolved break-ins.)”

“This is a very interesting question. It depends what you mean
by “attackers.” I doubt this problem was widely known in the
underground cracker community. When that is the case, the exploit
usually leaks to the public. I can happily entertain that a few
highly skilled individuals knew about this issue, though. Finally,
we should be wary of attributing any unsolved break-ins to format
string bugs. Even if a compromised site was running daemons
containing format string bugs, there is still the potential for
undiscovered security bugs which are not of a format string
nature.”

“As we know, string/buffer handling has traditionally been very
buggy. The most obvious example of buggy buffer handling is the
classic buffer overflow.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.