tags 413940 fixed-upstream
thanks

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413940

> I suggest this new text for the bottom of the strcpy manpage:
>
> "Programs that use strcpy may allow malicious users to take complete
> control of the machine by causing buffer overflows. Any time a program
> reads or copies data into a buffer, the program needs to check that
> there's enough space first. This may be unnecessary if you can show
> it's impossible; but programs can get changed over time, making the
> impossible possible. See also: http://dwheeler.com/secure-programs/"
>
> I wrote the new text and hereby release this work to the public
> domain. The text is adapted from a FAQ by David Wheeler.  Also,
> [EMAIL PROTECTED] helped me with the wording. Thanks to you both.

Jason,

The upstream man-page already had:

   BUGS
       If the destination string of  a  strcpy()  is  not  large
       enough  (that  is,  if the programmer was stupid or lazy,
       and failed to check the size before  copying)  then  any-
       thing  might happen.  Overflowing fixed-length strings is
       a favorite cracker technique.

I've reworked the text, incorporating parts of your proposed text:

   BUGS
       If the destination string of  a  strcpy()  is  not  large
       enough,  then  anything might happen.  Overflowing fixed-
       length string buffers is a favorite cracker technique for
       taking  complete control of the machine.  Any time a pro-
       gram reads or copies data  into  a  buffer,  the  program
       first needs to check that there's enough space.  This may
       be unnecessary if you can show that overflow is  impossi-
       ble,  but be careful: programs can get changed over time,
       in ways that may make the impossible possible.

The changes will be in upstream man-pages-3.12.

Thanks for your input!

Cheers,

Michael
--- a/man3/strcpy.3
+++ b/man3/strcpy.3
@@ -123,10 +123,14 @@ if (n > 0)
 .SH BUGS
 If the destination string of a
 .BR strcpy ()
-is not large enough
-(that is, if the programmer was stupid or lazy, and failed to check
-the size before copying) then anything might happen.
-Overflowing fixed-length strings is a favorite cracker technique.
+is not large enough, then anything might happen.
+Overflowing fixed-length string buffers is a favorite cracker technique
+for taking complete control of the machine.
+Any time a program reads or copies data into a buffer,
+the program first needs to check that there's enough space.
+This may be unnecessary if you can show that overflow is impossible,
+but be careful: programs can get changed over time,
+in ways that may make the impossible possible.
 .SH "SEE ALSO"
 .BR bcopy (3),
 .BR memccpy (3),
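
Review bot: The added sentence "the program first needs to check that there's enough space" does not say how much space is enough. For strcpy() the destination must hold the length of the source string plus one byte for the terminating null byte, and leaving that implicit invites the off-by-one that this paragraph warns about. Consider wording such as "enough space for the string and its terminating null byte". The first added line also keeps "anything might happen"; stating that the behavior is undefined would be more precise.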

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git
man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html
Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html
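
The check that the reworked BUGS text asks for, as an added example that is not part of the original message or of the man-pages project. The helper checked_strcpy(), the wrapper store_name() and the sample inputs are hypothetical and constructed for illustration; the 8-byte buffer stands in for a buffer sized when overflow was "impossible".

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Hypothetical helper (not part of libc or the man-pages project).
 * Copies src into dst only if the whole string, including the
 * terminating null byte, fits in dstsize bytes.
 * Returns 0 on success, -1 with errno set on refusal; never truncates. */
int checked_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsize == 0) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(src);            /* bytes before the null byte */
    if (len >= dstsize) {         /* len + 1 bytes are needed in total */
        dst[0] = '\0';            /* leave dst a valid empty string */
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, src, len + 1);    /* the copy includes the null byte */
    return 0;
}

/* Constructed scenario: the buffer was sized when every name was short;
 * a later change lets longer names reach this function. */
int store_name(char out[8], const char *name)
{
    return checked_strcpy(out, 8, name);
}

int main(void)
{
    char name[8];
    const char *inputs[] = { "root", "daemon7", "operator" }; /* constructed */

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (store_name(name, inputs[i]) == 0)
            printf("stored  \"%s\"\n", name);
        else
            printf("refused \"%s\" (%zu bytes needed, 8 available)\n",
                   inputs[i], strlen(inputs[i]) + 1);
    }
    return 0;
}
```

The exact-fit case ("daemon7", 7 characters plus the null byte) is accepted, while "operator" needs 9 bytes and is refused rather than truncated.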


