=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/printf/printf.1,v retrieving revision 1.11 retrieving revision 1.12 diff -c -r1.11 -r1.12 *** src/usr.bin/printf/printf.1 2000/03/23 21:10:18 1.11 --- src/usr.bin/printf/printf.1 2000/10/19 18:18:54 1.12 *************** *** 1,4 **** ! .\" $OpenBSD: printf.1,v 1.11 2000/03/23 21:10:18 aaron Exp $ .\" .\" Copyright (c) 1989, 1990 The Regents of the University of California. .\" All rights reserved. --- 1,4 ---- ! .\" $OpenBSD: printf.1,v 1.12 2000/10/19 18:18:54 aaron Exp $ .\" .\" Copyright (c) 1989, 1990 The Regents of the University of California. .\" All rights reserved. *************** *** 316,321 **** --- 316,332 ---- .Nm command appeared in .Bx 4.3 Reno . + .Sh CAVEATS + It is important to never pass a string with user-supplied data as a + format without using + .Ql %s . + An attacker can put format specifiers in the string to mangle your stack, + leading to a possible security hole. + .Pp + Be sure to always use the proper secure idiom: + .Bd -literal -offset indent + printf "%s" "$STRING" + .Ed .Sh BUGS Since arguments are translated from .Tn ASCII
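Review bot: in the second hunk (the added .Sh CAVEATS block at lines 316-332) the sentence "An attacker can put format specifiers in the string to mangle your stack" asserts a memory-corruption consequence without saying how a conversion in a printf(1) format argument would reach the stack; either state the concrete mechanism or narrow the claim to what the text actually supports (an untrusted format causes printf(1) to interpret its conversions, consuming or mismatching arguments and producing unintended output). The opening sentence "never pass a string with user-supplied data as a format without using %s" is also hard to parse; consider "Never use user-supplied data as the format string; pass it as an argument to a .Ql %s conversion instead." Finally, the secure idiom would be clearer with the unsafe form shown beside it, e.g. `printf "$STRING"` labelled as wrong above `printf "%s" "$STRING"`, and a trailing `\en` in the example format is worth adding since the current one prints no newline.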