On Thu, Sep 01, 2005 at 12:07:26PM +0200, Lars Persson Fink wrote: > I do not know if this classifies as a bug or feature request and if > there are any security implications from the problem below. > > I noticed that sshd does not encode the banner file in ISO-10646 UTF-8 > before sending it to the client as specified in > draft-ietf-secsh-userauth-27.txt. Instead it seems to send the file as > is.
To be honest, I think this is rather optimistic. How is the server supposed to know what character set the file is encoded in, if it isn't UTF-8? For example, you can't tell the difference between ISO-8859-1 and ISO-8859-2 unless you understand the language in question. At best, perhaps, the server could strip out characters not valid in UTF-8, or make a wild guess at ISO-8859-1, or similar. > It also seems as the client does not convert the banner from UTF-8 to > the codepage it runs in. This seems like a legitimate bug, though. Thanks, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
