Subject: Re: proposal: disable *printf %n specifier in libc in NetBSD 1.5
To: None <tech-userlevel@netbsd.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-userlevel
Date: 09/11/2000 15:45:58

Fixing and issuing advisories for format string bugs may end up
consuming a significant fraction of the security officer's bandwidth.

I'd like someone who's advocating keeping %n enabled by default to
step forward and volunteer to handle fixing and issuing advisories for
all current and future format-string security problems discovered in
NetBSD and NetBSD packages.

Thanks.

					- Bill