In light of the recent discovery of remotely exploitable security holes in well established daemons, it seems like the %n printf conversion specifier is more dangerous than it is useful. Essentially it allows overwriting anything anywhere in the process's data space, not just the stack. For example, the published exploits use it to overwrite entries in the jump table for shared library routines so the attacker's code gets called instead. See VULN-DEV or BUGTRAQ for details. Considering the limited usefulness and the risk involved, would it be prudent to remove %n from openssl's b_print.c?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                            [EMAIL PROTECTED]
Automated List Manager                              [EMAIL PROTECTED]
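Added illustration of the proposal above (editor's example, not code from the original post or from OpenSSL's b_print.c): a scanner that walks printf-style format strings and flags any %n conversion, even one hidden behind flags, width, precision or length modifiers, plus a wrapper that refuses such formats before handing them to the real formatter. The function names fmt_uses_n and checked_snprintf are assumptions for this example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return true if fmt contains a %n conversion. The scanner steps over
 * flags, field width, precision and length modifiers so that forms such
 * as "%08.2lln" or "%*n" are caught. "%%" is a literal percent and is
 * skipped. A truncated conversion ("%" at end of string) is treated as
 * suspect and also returns true, so callers fail closed. */
bool fmt_uses_n(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                                   /* step past '%' */
        if (*p == '%') { p++; continue; }      /* literal "%%" */
        while (*p && strchr("-+ #0'", *p)) p++;          /* flags */
        while (*p == '*' || (*p >= '0' && *p <= '9')) p++; /* width */
        if (*p == '.') {                                 /* precision */
            p++;
            while (*p == '*' || (*p >= '0' && *p <= '9')) p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;         /* length */
        if (*p == '\0')                        /* truncated conversion */
            return true;
        if (*p == 'n')                         /* the dangerous one */
            return true;
        p++;                                   /* any other conversion */
    }
    return false;
}

/* Wrapper in the spirit of dropping %n from a custom formatter: reject
 * the format before any argument is consumed. Returns -1 when rejected,
 * otherwise the vsnprintf result. (Example helper, not an OpenSSL API.) */
int checked_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    if (fmt_uses_n(fmt))
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return r;
}
```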
