Re: clisp/modules/syscalls calls.c,1.162,1.163

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Sam Steingold wrote:
>the only arguments for your patch I can think of is
[2 reasons]
And those are reason enough, don't you think?

>how is the syslog way more dangerous?
>- user expectations: special handling of % may be surprising
That's the answer already.
Application programmers may log user-given input, e.g. URL's.  Thus specially crafted URL's can cause the application to crash.

That's a very typical software vulnerability.

Telling the application programmer that he needs
(loop for pos = (position #\% output-for-syslog)
      ; either that or turn % to %%:
      do (ecase (char output (1+ pos)
          ((#\% #\m) t)))
would be way stupid, given that there's no way to make use of %s etc. in the interface the module provides so far.
My %s patch provides a no-surprise and robust interface to the syslog facility. Please scan the CERT vulnerabilities. You will find exactly this patch in other packages. That's, BTW, how I came to look into the syscalls package.

>  OTOH, what if the user uses some foreign calls?
>  then he should have errno available as a foreign thing as well.
Already there in the linux module (you may wish to duplicate it in posix?).

So I think that the next urgent thing is to fix the security gap. Too bad that clisp-2.37 is out in the meantime. It would have been a perfect match: the hypothetical CERT message would have said "fixed in 2.37, please upgrade".

Regards,
	Jorg Hohle