Followup to:  <[EMAIL PROTECTED]>
By author:    Henry Spencer <[EMAIL PROTECTED]>
In newsgroup: linux.utf8
>
> On 3 Aug 2000, H. Peter Anvin wrote:
> > > ...The potential for security holes comes when you
> > > attempt to use the raw input, *without* decoding it.  It is the
> > > *non-decoding* users who are vulnerable.
> > 
> > Great.  Now you have a datastream which may contain, say, embedded '/'
> > in filenames, or null characters.  If you then convert them back to
> > UTF-8 you now have a string referring to a potentially completely
> > different file than you started with.
> 
> If you're not using the raw input, why does this matter?  My point stands: 
> it's only people who try to use the raw input -- that is, users who are
> *not* decoding -- who are vulnerable.  If you always decode the input
> before processing it, checking it, filtering it, etc., then games played
> with non-minimal encodings *cannot* affect you. 
> 

Sure.  Now find a case where that *isn't* going to happen.  There are
enough layers of software you need to worry about -- including the
filesystem itself.  Seriously.  Your argument sounds a lot like "if
your computer is off, you can't break into it" -- a truism, but an
utterly useless one.

        -hpa
-- 
<[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt
-
Linux-UTF8:   i18n of Linux on all levels
Archive:      http://mail.nl.linux.org/lists/
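Added example (not code from this thread or from either poster): a strict UTF-8 decoder that rejects non-minimal ("overlong") forms, shown beside the raw-byte filter the two are arguing about. Function names and the sample input are my own constructions.

```c
#include <stddef.h>

/* Decode one code point from s (len bytes). Returns bytes consumed, or 0 if
 * the sequence is malformed, overlong (non-minimal), a surrogate, or > U+10FFFF. */
size_t utf8_decode_strict(const unsigned char *s, size_t len, unsigned *cp)
{
    size_t n = 0, i;
    unsigned min = 0, c;
    if (len == 0) return 0;
    c = s[0];
    if (c < 0x80) { *cp = c; return 1; }                      /* plain ASCII */
    else if ((c & 0xE0) == 0xC0) { n = 2; *cp = c & 0x1F; min = 0x80; }
    else if ((c & 0xF0) == 0xE0) { n = 3; *cp = c & 0x0F; min = 0x800; }
    else if ((c & 0xF8) == 0xF0) { n = 4; *cp = c & 0x07; min = 0x10000; }
    else return 0;                    /* stray continuation byte, or 0xF8..0xFF */
    if (len < n) return 0;            /* truncated sequence */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;     /* not a continuation byte */
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (*cp < min) return 0;          /* overlong: a shorter encoding exists */
    if (*cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return n;
}

/* The "non-decoding" filter hpa warns about: it looks at raw bytes only. */
int raw_bytes_look_safe(const unsigned char *s, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        if (s[i] == '/' || s[i] == 0) return 0;
    return 1;
}

/* The decoding filter: reject anything malformed or overlong outright, then
 * check the decoded code points rather than the bytes. 1 = safe, 0 = reject. */
int decoded_looks_safe(const unsigned char *s, size_t len)
{
    size_t i = 0, n;
    unsigned cp;
    while (i < len) {
        n = utf8_decode_strict(s + i, len - i, &cp);
        if (n == 0 || cp == '/' || cp == 0) return 0;
        i += n;
    }
    return 1;
}
```

On the constructed input `x C0 80 y` (C0 80 being the non-minimal form of NUL), the raw filter reports it safe while the decoding filter rejects it, which is exactly the gap between "checking bytes" and "decoding first" that the thread is about.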
