Bazsi, all, I am not really able to follow the thread, but let me put in an important thought.
We *must* allow LF inside the message. If we do not do that, it would cause problems with -protocol. This issue has been discussed at length, and there are good reasons for allowing it. So while I vote to use LF for record delineation, I also say that this means LF MUST be escaped if present in the actual message (transfer encoding). After being decoded, LF may be present in MSG. Maybe this already has been said ;) Rainer > -----Original Message----- > From: Balazs Scheidler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 09, 2006 1:47 AM > To: John Calcote > Cc: [EMAIL PROTECTED]; 'Tom Petch' > Subject: RE: [Syslog] delineated datagrams > > On Tue, 2006-08-08 at 13:44 -0600, John Calcote wrote: > > Chris, > > > > While I agree with you in principle that both forms of > delineation are > > nice to have for interop, I _wish_ we could get rid of LF - that so > > limits the sort of data that can be sent in the message. My two > > cents... > > The message you send are _already_ limited as most syslog daemons > replace "\n" character with something else as it would clobber the > message file when it is written to disk. > > In fact leaving the CR LF characters in the message could be > a security > risk as that way messages can be "hidden", for instance if a daemon > writes the following message: > > This is a foo message, bar=<data supplied by external entity> > > Then the value for "bar" might contain CR, putting the cursor to the > beginning of the line on a usual VT100 compatible terminal, > and the rest > of can pose as a regular log message, overwriting the previous one on > the screen. > > Of course this can be worked around by using some form of > escaping while > data is written to files, but again the LF character does not remain > intact. > > syslog-ng for instance replaces CR and LF characters in the > message with > a space as it comes in. I rarely heard any complaints about this > behaviour. And another fact is syslog/RAW also uses LF line > terminators > when multiple messages are delivered in a single BEEP frame. > > -- > Bazsi > > > _______________________________________________ > Syslog mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
