
Comment by Morgawr

12 years ago

Really nice, it's so weird that format strings support %n, it's such a massive security vulnerability that I don't really know what was going on in the mind of the guy that decided to implement this.

But alas, it's always fun to see. Here's an excellent article on format string vulnerabilities, an amazing read: http://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf

It's only a vulnerability if the user can control the format string. Otherwise it's a useful way of getting the lengths of things; but ironically it's not paying attention to lengths that also causes buffer overflow vulnerabilities...
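The distinction drawn in that comment, shown as an added C example that is not from the thread: `%n` used deliberately inside a string-literal format to capture a length, next to the discipline that keeps untrusted text out of the format slot. The names `format_tagged`, `log_untrusted` and `contains_directive` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Legitimate %n: the format is a compile-time literal, so every directive in it
   belongs to the programmer. *tag_end receives the number of characters written
   before the space, which a caller can use to align or split the message without
   a second strlen(). */
int format_tagged(char *out, size_t outsz, const char *tag, const char *msg, int *tag_end)
{
    return snprintf(out, outsz, "[%s]%n %s", tag, tag_end, msg);
}

/* Safe handling of untrusted text: the literal "%s" is the format, so a '%' inside
   user (such as "%n" or "%x") is copied as data and never interpreted. The shape
   this replaces is snprintf(out, outsz, user), where user itself is the format;
   gcc/clang -Wformat-security flags that shape at compile time. */
int log_untrusted(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "%s", user);
}

/* Review helper: nonzero if a string about to reach a printf-family call as its
   format contains a directive at all. Handy when auditing a legacy call site. */
int contains_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    char buf[64];
    int tag_end = 0;
    int n = format_tagged(buf, sizeof buf, "auth", "login ok", &tag_end);
    printf("%s (total %d, tag ends at %d)\n", buf, n, tag_end); /* [auth] login ok (total 15, tag ends at 6) */

    /* Constructed hostile input: every '%' survives as a literal character. */
    const char *hostile = "%n%n%n%x";
    log_untrusted(buf, sizeof buf, hostile);
    printf("%s\n", buf); /* %n%n%n%x */
    return 0;
}
```

Note that some runtimes reject `%n` outright (MSVC disables it by default; glibc with `_FORTIFY_SOURCE` refuses it when the format lives in writable memory), which is one more reason to keep every format a literal.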

C was designed way before security was a concern. If somebody exploited your program, you could just slap them because they'd be sitting at a terminal in the same room with you - no need for fancy ASLR or controlling how many characters you write to a buffer when physical violence was a viable option :)

  • Except security was already a concern in other operating systems that had Lisp, Cedar, Modula-2, Algol as system languages among others.

    C designers just decided to ignore it.

  • This isn't even remotely true. Computer security was a concern and an area of study long before C/Unix showed up. Unix (and by extension C) descended directly from the Multics project, which from its start in 1964 made security a central priority. Kernighan and Ritchie were important members of the Multics project. Further, the idea that everyone who used the computers of that era was "in the same room" is also patently absurd.

    • I like my fantasy about how things were back then better, thankyouverymuch. At least this way I can believe they didn't unleash the flood of pwnage on the world while knowing better.