On Wed, Dec 04, 2013 at 05:11:16PM -0600, Ian Pilcher wrote: > On 12/04/2013 04:56 PM, Brendan Jones wrote: > > Patching is not a problem. Unnecessary is the question. Explain to me > > (not you in particular Rahul) how these printf's can possibly be exploited? > > char *output; > > output = get_user_input(...); > printf(output); > > What happens when the user enters %n? With -D_FORTIFY_SOURCE=2 the program is aborted, unless the string resides in read-only memory ;) Jakub -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
