Log injection in general

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jan 17 09:39:19 UTC 2018


On Wed, Jan 17, 2018 at 10:23:40PM +1300, Andrew Bartlett wrote:
> > Doing that manually is the wrong layer. We should do that directly in
> > DEBUG(). I know this essentially means writing our own printf, but
> > relying on everybody to correctly escape what's going into
> > %s is not going to work.
> 
> I wholeheartedly agree. 

As it is an issue you brought up, will you and your Team at Catalyst
allocate resources to it?

Thanks, Volker

-- 
Visit verinice.XP 2018 in Berlin,
the user conference for information security,
21-23 March 2018 at the Sofitel Kurfürstendamm
Info & registration here: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
Göttingen Local Court (AG Göttingen), HRB 2816, Managing Director: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
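
The approach discussed in the quoted text, escaping once inside the logging call rather than at every %s call site, as an added example (not part of the original message and not Samba's DEBUG() code). `log_format_escaped` is a hypothetical name, and escaping the whole formatted line after `vsnprintf` is a simplifying assumption that avoids writing a custom printf.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Samba's DEBUG(): format first, then escape
 * every control byte and backslash in the result, so a caller-supplied
 * %s argument cannot start a forged log line. One trailing '\n' is kept
 * as the record terminator. Bytes >= 0x80 pass through unchanged.
 * Limitation: control bytes written in the format string itself are
 * escaped as well. */
size_t log_format_escaped(char *out, size_t outlen, const char *fmt, ...)
{
	char raw[512];
	va_list ap;
	size_t o = 0, len;
	int n, keep_nl;

	if (outlen == 0) return 0;
	va_start(ap, fmt);
	n = vsnprintf(raw, sizeof(raw), fmt, ap);
	va_end(ap);
	if (n < 0) { out[0] = '\0'; return 0; }
	len = (size_t)n < sizeof(raw) ? (size_t)n : sizeof(raw) - 1;
	keep_nl = (len > 0 && raw[len - 1] == '\n');
	if (keep_nl) len--;

	for (size_t i = 0; i < len; i++) {
		unsigned char c = (unsigned char)raw[i];
		size_t need = (c == '\\') ? 2 : (c < 0x20 || c == 0x7f) ? 4 : 1;
		/* Truncate instead of overflowing; reserve room for '\n' and NUL. */
		if (o + need + (size_t)keep_nl >= outlen) break;
		if (need == 2) { out[o++] = '\\'; out[o++] = '\\'; }
		else if (need == 4) o += (size_t)snprintf(out + o, 5, "\\x%02X", c);
		else out[o++] = (char)c;
	}
	if (keep_nl && o + 1 < outlen) out[o++] = '\n';
	out[o] = '\0';
	return o;
}

int main(void)
{
	/* Constructed input: a client-supplied name carrying a forged record. */
	char line[256];
	log_format_escaped(line, sizeof(line), "auth failed for user %s\n",
			   "bob\n[2018/01/17 09:00:00] auth ok for user root");
	fputs(line, stdout);
	return 0;
}
```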


