On 3 Aug 2000, H. Peter Anvin wrote:
> > ...The potential for security holes comes when you
> > attempt to use the raw input, *without* decoding it. It is the
> > *non-decoding* users who are vulnerable.
>
> Great. Now you have a datastream which may contain, say, embedded '/'
> in filenames, or null characters. If you then convert them back to
> UTF-8 you now have a string referring to a potentially completely
> different file than you started with.

If you're not using the raw input, why does this matter? My point stands:
it's only people who try to use the raw input -- that is, users who are
*not* decoding -- who are vulnerable. If you always decode the input
before processing it, checking it, filtering it, etc., then games played
with non-minimal encodings *cannot* affect you.

Henry Spencer
-
Linux-UTF8: i18n of Linux on all levels
Archive: http://mail.nl.linux.org/lists/