|
Bugtraq
mailing list archives
Re: Sendmail 8.6.10: what's different?
From: cwe () it kth se (Christian Wettergren)
Date: Fri, 24 Feb 95 15:32:59 +0100
| On Thu, 23 Feb 1995, der Mouse wrote:
| > cleanstrcpy(), referred to several times above, is like strcpy, but it
| > strips newlines and copies only a restricted set of characters:
| > letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen,
| > there's no indication.
The reason for that set of characters are that it is the characters that
"divide" input into tokens in /bin/sh.
CERT once recommended me to use the following set of filtered characters
'"', '*', '&', '|', '$', ';', '`', '\', '=', '?', '<', '>',
'!', '(', ')', '\n', '{', '}', '[', ']', '^', '`'
that is "\"*&|$;'\\=?<>!()\n{}[]^`"
If we diff the two sets, we get
common: !$*&|'^`{}
sendmail: #%+-./_~
cert: ";\=?<>()\n[]
There are a few ones missing above, that maybe should be included, like
'[' and ']'. There is also a number of additional characters '#', '%',
'+', '-', '.', '/', '_' and '~', which I take as erring on the safe side,
like avoiding the possibility of specifying paths and arguments to programs.
| Actually, I like the approach of "explicitly listing what we know is
| good", rather than "exclude characters that we know of that are bad" -
| it's a lot safer to verify and has less suprises down the track.
Do you mean that one could miss a few of them? Unthinkable! :-)
/Christian Wettergren
 By Date 
By Thread
Current thread:
|
Intro
