Re: finger

[Kimmo Suominen <kim%tac.nyc.ny.us@localhost>]

We could add an option to finger to have it force LC_CTYPE to "C".  This
would effectively revert to the original behaviour.

I'm planning to add an option to fingerd to have it force LC_CTYPE to
en_US.ISO8859-1 or any user supplied value (on its command line), so
that remote finger will work.  Currently inetd (and fingerd) runs with
LC_CTYPE set to "C" (or rather "nothing"), so finger kim@localhost still
is returning only 7bit characters.

+ Kim


| From:    itojun%iijlab.net@localhost
| Date:    Mon, 12 Aug 2002 00:48:54 +0900
|
| >> >What is the danger you see in allowing the 8-bit data?  If it is
| >> >a printable character for the user running finger, I see no danger.
| >> >Please answer that question, so I can understand better.
| >>    you seem to assume that both ends agree about their idea about
| >>    multibyte encoding.  that's not possible.  for instance, if fingerd
| >No, the idea is simply and no more than to avoid security
| >compromises through receiving terminal control characters.
| >Maybe !iscntrl() or something like that would be better for this
| >purpose, however.
|
|       even if your assumption about security compromise is correct, iscntrl()
|       is not enough for that.  haven't you seen exploits using UTF-8 encoding
|       ambiguity?
|
| itojun
|