Source-Changes archive


Re: finger



>> >What is the danger you see in allowing the 8-bit data?  If it is
>> >a printable character for the user running finger, I see no danger.
>> >Please answer that question, so I can understand better.
>>      you seem to assume that both ends agree about their idea about
>>      multibyte encoding.  that's not possible.  for instance, if fingerd
>No, the idea is simply and no more than to avoid security
>compromises through receiving terminal control characters.
>Maybe !iscntrl() or something like that would be better for this
>purpose, however.

        even if your assumption about security compromise is correct, iscntrl()
        is not enough for that.  haven't you seen exploits using UTF-8 encoding
        ambiguity?

itojun
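
An added illustration of the point in the reply above, not part of the original message or of the finger source: a per-byte `iscntrl()` check next to a filter that strictly decodes UTF-8 and then rejects control code points. The function names and sample bytes are constructed for this example; it assumes the "C" locale and a terminal that interprets its input as UTF-8.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Per-byte check of the kind proposed in the thread ("C" locale assumed). */
static int bytewise_ok(const unsigned char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (iscntrl(s[i])) return 0;
    return 1;
}

/* Strictly decode one UTF-8 sequence. Returns bytes consumed, or 0 if it is
 * truncated, has a bad lead/continuation byte, is overlong, or out of range. */
static size_t utf8_decode(const unsigned char *s, size_t n, unsigned long *cp) {
    static const unsigned long min[5] = {0, 0, 0x80, 0x800, 0x10000};
    size_t len;
    if (n == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0) { len = 2; *cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; *cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; *cp = s[0] & 0x07; }
    else return 0;
    if (len > n) return 0;
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (*cp < min[len] || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF))
        return 0;                      /* overlong, too large, or surrogate */
    return len;
}

/* Sanitize in place: keep valid code points, replace malformed sequences and
 * C0/DEL/C1 controls (except \n and \t) with '?'. Returns the new length. */
size_t sanitize_utf8(unsigned char *buf, size_t n) {
    size_t in = 0, out = 0;
    while (in < n) {
        unsigned long cp = 0;
        size_t len = utf8_decode(buf + in, n - in, &cp);
        int bad = len == 0 || (cp < 0x20 && cp != '\n' && cp != '\t') ||
                  (cp >= 0x7F && cp <= 0x9F);
        if (bad) { buf[out++] = '?'; in += len ? len : 1; }
        else while (len--) buf[out++] = buf[in++];
    }
    return out;
}

int main(void) {
    unsigned char reply[] = {'h', 'i', 0xC2, 0x9B, 'm'}; /* constructed: U+009B */
    int naive = bytewise_ok(reply, sizeof reply);
    size_t n = sanitize_utf8(reply, sizeof reply);
    printf("bytewise_ok=%d sanitized=%.*s\n", naive, (int)n, (char *)reply);
    return 0;
}
```

The per-byte check accepts both the well-formed C1 control (0xC2 0x9B) and an overlong form of ESC (0xC0 0x9B) because every byte is above 0x7F; the decoding filter replaces both.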


