Reply to post: Are these bugs deliberate?

That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed

Sam Liddicott

Are these bugs deliberate?

It's clearly a programmer error - it's not valid to call that function without valid credentials!

At least that's the sort of response I get when I report bugs.

I reported today how bash's printf %q format can leave a dangling unused backslash which voids the whole safety benefit of %q

Apparently it's a programmer error to expect to use %q as advertised.

It's not safe to use a truncating size specifier with %q e.g. %.8q

It could be made safe, but why bother for "a programmer error"?

I don't think these sorts of bugs are deliberate but I know others do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022