Thanks for all the hard work you put in on maintaining kernel documentation. The manpages for strcat[1], scanf[2], and getopt[3] don't mention the fact that using those functions can lead to buffer overflow security exploits. The Secure Programming HOWTO section about C/C++[4] explains how to avoid such exploits when using these functions. Please add a "BUGS" or "SECURITY" section to those functions' manpages, which talks about security. ^ [1]. http://www.kernel.org/doc/man-pages/online/pages/man3/strcat.3.html ^ [2]. http://www.kernel.org/doc/man-pages/online/pages/man3/scanf.3.html ^ [3]. http://www.kernel.org/doc/man-pages/online/pages/man3/getopt.3.html ^ [4]. http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/dangers-c.html
How does this sound for a "SECURITY" manpage section? === Programs that use this function may allow malicious users to take complete control of the machine by causing buffer overflows. As David Wheeler writes, "any time your program reads or copies data into a buffer, it needs to check that there's enough space before making the copy. An exception is if you can show it can't happen -- but often programs are changed over time that make the impossible possible." === Note 1: I wrote the first sentence of that paragraph. You can use it, of course. Note 2: On second thought, please only change the strcat and scanf manpages. It's not so clear to me anymore that getopt is insecure.
This bug is outdated. Please test against newer man pages. Cheers Nick