Home page logo

nanog logo nanog mailing list archives

From: Valdis.Kletnieks () vt edu
Date: Sat, 26 May 2001 15:14:47 -0400

On Sat, 26 May 2001 10:48:48 EDT, Mitch Halmu said:

Besides interoperability concerns with current software that will have
to become 'legacy', you will open the gates to any hacker and script
kiddie that can now mail you their favorite virus, trojan or worm just
as is was compiled. It's bad enough that unprintable characters and
buffer overflows in the header must be neutered. Scary stuff that you
haven't even thought of could happen with 8 bit message bodies...

FUD.  Complete and total FUD.

There's *NO* change in what can be transferred.  The ONLY difference is you
can avoid converting it to base64 at the one end and then decoding it at
the other end.  If you haven't noticed, viruses, trojans, and worms are being
transmitted just as were compiled, via the *current* infrastructure.

And the need for neutering characters in the header was recognized in
RFC1342, 10 years ago.

And 8 bit message bodies have been supported by Sendmail since 8.7,
all the way back in 1996.  The only thing that BDAT buys you over the
currently existing and *widely* deployed 8bitmime support (where Sendmail
will even automatically upgrade/downgrade from 8bit to 7bit using either
quoted-printable or base64, on a configurable basis), is that 8bitmime
is still bound by the 1000-char line length restriction in SMTP, where
you need a CR-LF pair at least every 998 characters.

BDAT doesn't open any exposures other than programmers that can't get
a length-data encoding right.  Hmm.. maybe we *should* worry... ;)
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]