> Yes, except that the actually safe way to escape random strings is to > pass them as %s, rather than relying on some home brewed solution.
I'm not arguing that it's great code, because it's not. I'm just saying that the reported format string vulnerability doesn't seem to exist, if it is related to the syslog calls and not to something else. // Ulf Harnhammar, Debian Security Audit Project -- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 8 at http://www.opera.com Powered by Outblaze
