It is the only one that actually writes to memory. It's occasionally convenient, but it's also largely unnecessary: the caller can typically make multiple calls to printf, for example, noting the return value for each one. Or use strlen and fputs. And so on.
The C11 printf_s functions don't support it at all, so it's clearly already on the naughty list even from the standard's perspective.
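An added example of the alternative the comment describes (this code is not from the thread or from OpenBSD): the usual legitimate job of `%n`, learning how far printf has got so that a second column can be aligned, is done here with printf's return value and with `strlen`, so no format specifier ever writes to memory. `LABEL_COL`, `format_aligned` and `value_column` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Column at which the value should start. Constructed value for this example. */
#define LABEL_COL 12

/* Formats "label:<padding>value" into buf so that value starts at LABEL_COL.
   The number of characters already written, which %n would have stored
   through a pointer, is simply snprintf's return value.
   Returns the total length written, or -1 if buf is too small. */
int format_aligned(char *buf, size_t size, const char *label, long value)
{
    int n = snprintf(buf, size, "%s:", label);   /* characters emitted so far */
    if (n < 0 || (size_t)n >= size)
        return -1;

    int pad = LABEL_COL - n;                      /* spaces needed to reach the column */
    if (pad < 1)
        pad = 1;                                  /* long labels still get one space */

    int m = snprintf(buf + n, size - (size_t)n, "%*s%ld", pad, "", value);
    if (m < 0 || (size_t)m >= size - (size_t)n)
        return -1;

    return n + m;
}

/* The strlen-based variant from the comment: compute the column without any
   format string at all. Returns the column at which the value will start. */
int value_column(const char *label)
{
    int n = (int)strlen(label) + 1;               /* label plus the ':' */
    int pad = LABEL_COL - n;
    if (pad < 1)
        pad = 1;
    return n + pad;
}

int main(void)
{
    char line[64];
    if (format_aligned(line, sizeof line, "requests", 1024) > 0)
        puts(line);                               /* requests:   1024 */
    if (format_aligned(line, sizeof line, "errors", 3) > 0)
        puts(line);                               /* errors:     3 */
    return 0;
}
```

Because the position comes back as an integer rather than being written through a pointer taken from the argument list, a format string that is attacker-influenced cannot turn this code into a memory write; it can at worst produce wrong output.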
OpenBSD has removed the format specifier that makes this possible, for hopefully obvious reasons.
Was the thought process: "Anything involving C string handling is fundamentally security hostile, let's fix it by breaking %n!"
Can you elaborate on the statement "Anything involving C string handling is fundamentally security hostile"?
Discussion at the time (181 points, 39 comments) https://news.ycombinator.com/item?id=7389623