Log injection in general

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jan 17 09:39:19 UTC 2018

On Wed, Jan 17, 2018 at 10:23:40PM +1300, Andrew Bartlett wrote:
> > Doing that manually is the wrong layer. We should do that directly in
> > DEBUG(). I know this essentially means writing our own printf, but
> > relying on everybody to correcly escape what's going into
> > %s is not going to work.
> I wholeheartedly agree. 

As it is an issue you brought up, will you and your Team at Catalyst
allocate resources to it?

Thanks, Volker

Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list