AWK experts - how would I code around this in awk...

Dave Howorth dhoworth at mrc-lmb.cam.ac.uk
Tue Feb 23 13:05:46 UTC 2010


Steve Flynn wrote:
> I know that string was widely known to cause many versions of csh to
> have a minor coronary but I can't think of any other nastiness
> associated with it. Do tell! :)

Anything written in C is potentially a victim. Ignorant programmers
using printf instead of puts can allow attackers to overwrite memory
with it. The principle is described in
http://en.wikipedia.org/wiki/Format_string_attack

I believe the article is wrong about the date of discovery though. It's
possible I first read about it in the 1990 Comm ACM though I had thought
I knew about it earlier. It was certainly known as a possible attack
long before 1999 though and test plans included it through the 90s.

Cheers, Dave
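
The printf-versus-puts point in the message above, as an added example in C (not part of the original post or thread). The function names and the sample input are constructed for illustration; the input uses only `%%`, so the unsafe call stays well defined while still showing that the text is parsed as a format.

```c
#include <stdio.h>
#include <string.h>

/* The unsafe call below is deliberate; silence the compiler warning for it. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* BEFORE: untrusted text is the format string, so every '%' in it
 * is parsed as a directive by the printf family. */
int render_unsafe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted);
}

/* AFTER: the format is a constant; untrusted text is only data. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Review helper (hypothetical): count conversion directives in a string
 * that is about to be used as a format. "%%" is a literal percent and is
 * not counted. *has_n is set when %n, the directive that writes to
 * memory, is present. An incomplete '%' at the end is not counted. */
int count_directives(const char *s, int *has_n) {
    int count = 0;
    *has_n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                        /* step past '%' */
        if (*s == '%') { s++; continue; }           /* literal percent */
        s += strspn(s, "-+ #0123456789.*$hlLjzt");  /* flags, width, length */
        if (*s == '\0') break;
        if (*s == 'n') *has_n = 1;
        count++;
        s++;
    }
    return count;
}

int main(void) {
    char buf[32];
    const char *input = "100%%";  /* constructed sample input */
    int has_n;
    render_unsafe(buf, sizeof buf, input);
    printf("as format: %s\n", buf);
    render_safe(buf, sizeof buf, input);
    printf("as data:   %s\n", buf);
    printf("directives: %d\n", count_directives("%s%s%n", &has_n));
    return 0;
}
```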



