[patch] alpha_strcpy for HEAD
Andrew Bartlett
abartlet at pcug.org.au
Fri Jan 18 02:57:02 GMT 2002
Alexander Bokovoy wrote:
>
> On Fri, Jan 18, 2002 at 08:17:44PM +1100, Andrew Bartlett wrote:
> > > This patch just allow consider _all_ letters (including multibute ones
> > > in e.g. UTF-8) as valid symbols.
> > Can you tell me that all letters won't include \ ' / " * @ ! .. within
> > that multibyte sequence?
> >
> > Can you tell me that they wont include a byte of value 255? That it
> > won't inlude *any shell metacharacter*?
> Please note that byte of value 255 is _valid_ letter (CYRILLIC SMALL
> LETTER YA, <U044F>) in encoding CP1251 which is native Unix encoding for
> Bulgarian and Belarusian langauges. Disabling it you're risking to break
> support for those languages at all.
This makes my point rather well actually.
If sombody sends us this (special to some shells) char what should we
do? Its a perfectly vaild char that we don't want to mess with, but it
could also allow an exploit on particualr systems in particuar
configurations.
This is why I think we need a better way to 'vet' this incoming data.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list