mailing list archives
Re: Format String Attacks
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 15 Sep 2000 09:15:45 +0200
Note that perror() itself may perform localization on some platforms and
under some circumstances (e.g., if compiled with -lintl under Solaris).
perror() is always localized; -lintl isn't an actual library since
Solaris 2.5 when it was merged into libc.
I don't know whether it's exploitable in practice, but it appears to me
as though this wrapper could suffer, at least theoretically, from the
same weakness as the programs it's trying to protect.
That one isn't; no printf is involved in perror().
(It's gettext(strerror(errno)) written with write)
Of course, there are two other gaping holes in the wrapper, so
that point is a bit moot.
Re: Format String Attacks Rick Perry (Sep 14)