Why should we not pass the input of the program in the printf statement?


Question


What are the security breaches possible ? or any attacks?

Answer


Which argument of the printf function?


printf("%s\n", untrusted_string); is mostly OK, although if output is going to a terminal, and if the terminal responds to control codes, then it potentially could mess up the terminal settings beyond all recognition.


Obviously it also gets interesting when the output of your program is going to be used as executable code. It may not always be obvious to you that it is. For example, suppose you write a program that scans your web server logs and produces an HTML report listing all the URLs visited. Suppose further that I visit http://example/<script>...</script>. I get an error message, but the URL is still logged. If you've printed the input without modification, then you might be in for an educational evening when you review your report files. The user input needs to be sanitized somewhere along the line.


Echoing data that the user has supplied back to the same user is somewhat safer. However, again in a web context, XSRF attacks are a common technique -- you might think that your users wrote the input themselves, when really they didn't, and so actually you're echoing some attacker's data back to the user. The same could apply even in command-line programs -- if the user supplies a file as a command-line argument, but the file (like my server log above) was written by an attacker, then printing parts of that file back to the user potentially has consequences the user never intended.


None of which is necessarily a reason not to do it. As ever in security, you can't say whether a particular action "is" or "isn't" secure, because it depends on the context in which that action occurs.


printf(untrusted_string); is definitely no good, since the string supplied might be "%s", with undefined behavior. You might think to yourself, "oh, well, it only reads where it shouldn't, what harm can that possibly do?" In which case you will eventually join the long list of people who've been surprised at the ingenuity which attackers show in combining multiple bugs to create a workable attack. Reading where you shouldn't clearly can lead to DoS, but also in combination with other issues could leak sensitive information.
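The three points in the answer above (never use untrusted text as the format string, neutralise terminal control codes before echoing, and escape before the text lands in an HTML report) as an added example; this is not code from the original post, and the function names, buffer sizes and the sample inputs are constructed here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape untrusted text for HTML element content (so a logged http://example/<script>...</script>
 * renders as text, not markup); returns bytes written (without NUL) or -1 if out is too small. */
int html_escape(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<': rep = "&lt;";  break;
        case '>': rep = "&gt;";  break;
        case '&': rep = "&amp;"; break;
        }
        size_t rl = rep ? strlen(rep) : 1;
        if (n + rl >= outlen) return -1;
        if (rep) memcpy(out + n, rep, rl); else out[n] = *in;
        n += rl;
    }
    out[n] = 0;
    return (int)n;
}

/* Replace control bytes (ESC, BEL, CR, ...) with '?' before echoing to a terminal; tab/newline kept. */
int strip_control(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (n + 1 >= outlen) return -1;
        int ctl = (c < 0x20 && c != '\t' && c != '\n') || c == 0x7f;
        out[n++] = ctl ? '?' : (char)c;
    }
    out[n] = 0;
    return (int)n;
}

/* The untrusted string is always a %s argument, never the format string. */
void print_log_entry(const char *untrusted) {
    char safe[256];
    if (strip_control(untrusted, safe, sizeof safe) < 0) return;
    printf("%s\n", safe);
}

int main(void) {
    char buf[256];
    if (html_escape("http://example/<script>...</script>", buf, sizeof buf) > 0) puts(buf);
    print_log_entry("%s%s\x1b[2J");   /* "%s" is printed literally, ESC becomes '?' */
    return 0;
}
```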
