Re: FTBFS if "-Werror=format-security" flag is used

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 5, 2013 at 12:11 AM, Brendan Jones
<brendan.jones.it@xxxxxxxxx> wrote:
> On 12/05/2013 12:11 AM, Ian Pilcher wrote:
>>
>> On 12/04/2013 04:56 PM, Brendan Jones wrote:
>>>
>>> Patching is not a problem. Unnecessary is the question. Explain to me
>>> (not you in particular Rahul) how these printf's can possibly be
>>> exploited?
>>
>>
>>    char *output;
>>
>>    output = get_user_input(...);
>>    printf(output);
>>
>> What happens when the user enters %n?
>>
> I remain unconvinced. Exploit my system with one of ams, aubio, hydrogen,
> jack-keyboard, phasex, portmidi or yoshimi.
>
> I just can't see it

Suppose I create a malicious drumkit and either get it uploaded to one
of the officially recommended links at
http://www.hydrogen-music.org/hcms/node/16 , or even just attach it in
bugzilla to a bug report saying that the Fedora hydrogen package
crashes or otherwise mishandles that file (causing _you_ personally to
open that file, even if in a debugger)?

Note that I _don't really know_ whether this is exploitable with
hydrogen; though the incorrect format strings being in a class named
Object does suggest that the affected input paths may be pretty
widespread.

Even if this weren't a security issue (or it were already mitigated by
_FORTIFY_SOURCE), it's a simple correctness issue: the program's
output should be correct, and the program should not abort just
because "100%new" happens to appear in a string.  As long as it it's
worth it to have software packaged in Fedora it's not "unnecessary" to
fix bugs IMHO.
     Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux