Linux and UNIX Man Pages

Test Your Knowledge in Computers #465
Difficulty: Medium
A 2017 security audit of three NTP implementations, conducted on behalf of the Linux Foundation's Core Infrastructure Initiative, suggested that both NTP was less secure than Chrony.
True or False?
Linux & Unix Commands - Search Man Pages

vwarn(3c) [opensolaris man page]

err(3C) 						   Standard C Library Functions 						   err(3C)

err, verr, errx, verrx, warn, vwarn, warnx, vwarnx - formatted error messages SYNOPSIS
#include <err.h> void err(int eval, const char *fmt, ...); void verr(int eval, const char *fmt, va_list args); void errx(int eval, const char *fmt, ...); void verrx(int eval, const char *fmt, va_list args); void warn(const char *fmt, ...); void vwarn(const char *fmt, va_list args); void warnx(const char *fmt, ...); void vwarnx(const char *fmt, va_list args); DESCRIPTION
The err() and warn() family of functions display a formatted error message on the standard error output. In all cases, the last component of the program name, followed by a colon character and a space, are output. If the fmt argument is not NULL, the formatted error message is output. In the case of the err(), verr(), warn(), and vwarn() functions, the error message string affiliated with the current value of the global variable errno is output next, preceded by a colon character and a space if fmt is not NULL. In all cases, the output is followed by a newline character. The errx(), verrx(), warnx(), and vwarnx() functions will not output this error message string. The err(), verr(), errx(), and verrx() functions do not return, but instead cause the program to terminate with the status value given by the argument status. EXAMPLES
Example 1 Display the current errno information string and terminate with status indicating failure. if ((p = malloc(size)) == NULL) err(EXIT_FAILURE, NULL); if ((fd = open(file_name, O_RDONLY, 0)) == -1) err(EXIT_FAILURE, "%s", file_name); Example 2 Display an error message and terminate with status indicating failure. if (tm.tm_hour < START_TIME) errx(EXIT_FAILURE, "too early, wait until %s", start_time_string); Example 3 Warn of an error. if ((fd = open(raw_device, O_RDONLY, 0)) == -1) warnx("%s: %s: trying the block device", raw_device, strerror(errno)); if ((fd = open(block_device, O_RDONLY, 0)) == -1) warn("%s", block_device); WARNINGS
It is important never to pass a string with user-supplied data as a format without using `%s'. An attacker can put format specifiers in the string to mangle the stack, leading to a possible security hole. This holds true even if the string has been built ``by hand'' using a function like snprintf(3C), as the resulting string can still contain user-supplied conversion specifiers for later interpolation by the err() and warn() functions. Always be sure to use the proper secure idiom: err(1, "%s", string); ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Committed | +-----------------------------+-----------------------------+ |MT-Level |Save with Exceptions | +-----------------------------+-----------------------------+ These functions are safe to use in multithreaded applications as long as setlocale(3C) is not being called to change the locale. SEE ALSO
exit(3C), getexecname(3C), setlocale(3C), strerror(3C), attributes(5) SunOS 5.11 20 Aug 2007 err(3C)

Featured Tech Videos