Subject: Re: finger
To: Soren S. Jorvang <soren@wheel.dk>
From: None <itojun@iijlab.net>
List: source-changes
Date: 08/12/2002 00:48:54

>> >What is the danger you see in allowing the 8-bit data? If it is
>> >a printable character for the user running finger, I see no danger.
>> >Please answer that question, so I can understand better.
>> you seem to assume that both ends agree about their idea about
>> multibyte encoding. that's not possible. for instance, if fingerd
>No, the idea is simply and no more than to avoid security
>compromises through receiving terminal control characters.
>Maybe !iscntrl() or something like that would be better for this
>purpose, however.
even if your assumption about security compromise is correct, iscntrl()
is not enough for that. haven't you seen exploits using UTF-8 encoding
ambiguity?
itojun
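
The point about `iscntrl()` above, as an added example that is not part of the original message or of the finger source: a byte-wise `iscntrl()` check in the "C" locale passes the two bytes C2 9B, which are the UTF-8 encoding of U+009B (the C1 control CSI), while a strict decoder that rejects overlong forms and filters C0/C1 controls replaces them. The function names `filter_bytewise` and `filter_utf8` are hypothetical, and the sample bytes are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise check in the spirit of !iscntrl(): replace a byte only when
 * iscntrl() flags it. Returns the number of bytes replaced. */
size_t filter_bytewise(const unsigned char *in, size_t n, unsigned char *out)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++) {
        int bad = iscntrl(in[i]) && in[i] != '\n' && in[i] != '\t';
        out[i] = bad ? '?' : in[i];
        hits += bad;
    }
    return hits;
}

/* Strict filter: decode UTF-8, replace overlong forms, surrogates, stray bytes
 * and C0/C1 controls with '?'. Returns output length; out must hold n bytes. */
size_t filter_utf8(const unsigned char *in, size_t n, unsigned char *out)
{
    static const unsigned long min[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t i = 0, o = 0;
    while (i < n) {
        unsigned char b = in[i];
        size_t k, len = b < 0x80 ? 1 : (b & 0xE0) == 0xC0 ? 2 :
                        (b & 0xF0) == 0xE0 ? 3 : (b & 0xF8) == 0xF0 ? 4 : 0;
        unsigned long cp = len == 1 ? b : len ? (b & (0xFFu >> (len + 1))) : 0;
        int wf = len != 0 && i + len <= n;   /* well-formed so far */
        for (k = 1; wf && k < len; k++) {
            if ((in[i + k] & 0xC0) != 0x80) wf = 0;
            else cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        int ctl = (cp < 0x20 && cp != '\n' && cp != '\t') || (cp >= 0x7F && cp <= 0x9F);
        if (wf && cp >= min[len] && cp <= 0x10FFFF &&
            !(cp >= 0xD800 && cp <= 0xDFFF) && !ctl) {
            memcpy(out + o, in + i, len); o += len;
        } else
            out[o++] = '?';
        i += wf ? len : 1;   /* skip a whole decoded sequence, else one byte */
    }
    return o;
}

int main(void)
{
    const unsigned char in[] = { 'a', 0xC2, 0x9B, 'z' };   /* constructed sample */
    unsigned char out[sizeof in];
    printf("byte-wise replaced: %zu\n", filter_bytewise(in, sizeof in, out));
    printf("strict: %.*s\n", (int)filter_utf8(in, sizeof in, out), (const char *)out);
}
```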