Bruno Haible <[EMAIL PROTECTED]> wrote:
> Jim Meyering wrote:
>> It is the key that gives format-abusers so much latitude
>> in choosing what value to write where. Without that
>> feature, coming up with a real exploit is much harder.
>
> Without %n, one can still use format strings like
> %.10000000f%.10000000f%.10000000f%.10000000f%.10000000f%.10000000f
> to conduct denial-of-service attacks.

Yes, it'd be great if all exploits resulted only in a DoS. But limiting use of %n makes it much harder to construct more serious exploits e.g., resulting in arbitrary code execution.
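
Added example, not part of the original message or of any project's code: a check a program could run on a format string that comes from outside it, rejecting both cases raised in this exchange (a %n conversion, and an oversized width or precision such as %.10000000f). The name check_format, the verdict enum, the 4096 cap and the sample strings are assumptions made for this illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum fmt_verdict { FMT_OK = 0, FMT_HAS_N = 1, FMT_HUGE_FIELD = 2 };

/* Read a decimal run at *p, saturating at LONG_MAX instead of overflowing. */
static long parse_num(const char **p) {
    long v = 0;
    for (; isdigit((unsigned char)**p); ++*p)
        v = (v < LONG_MAX / 10 - 1) ? v * 10 + (**p - '0') : LONG_MAX;
    return v;
}

/* Hypothetical helper: vet an externally supplied printf-style format.
   max_field is a caller-chosen cap on any literal width or precision. */
enum fmt_verdict check_format(const char *fmt, long max_field) {
    const char *p = fmt;
    while (*p) {
        if (*p++ != '%') continue;
        if (*p == '%') { ++p; continue; }        /* literal percent sign */
        const char *q = p;                       /* POSIX positional "N$" */
        parse_num(&q);
        if (q != p && *q == '$') p = q + 1;
        p += strspn(p, "-+ #0'I");               /* flags, incl. glibc's I */
        /* '*' takes the size from an argument, so it cannot be bounded here */
        if (*p == '*') return FMT_HUGE_FIELD;
        long width = parse_num(&p), prec = 0;
        if (*p == '.') {
            ++p;
            if (*p == '*') return FMT_HUGE_FIELD;
            prec = parse_num(&p);
        }
        if (width > max_field || prec > max_field) return FMT_HUGE_FIELD;
        p += strspn(p, "hlLqjzt");               /* length modifiers */
        if (*p == 'n') return FMT_HAS_N;         /* also %hhn, %ln, %1$n */
        if (*p) ++p;                             /* skip the conversion char */
    }
    return FMT_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "%s: %d%%\n", "%08x%n", "%1$hhn", "%.10000000f" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("verdict %d\n", check_format(samples[i], 4096));
    return 0;
}
```

A FMT_OK verdict covers only these two properties; it does not show that the conversions match the arguments actually passed, so a constant format with the untrusted text supplied as a %s argument remains the safer design.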
