
To: hag@ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 03:30:49 +0200 (MET DST)
Cc: ichudov@algebra.com, adam@homeport.org, firewalls@greatcircle.com, cypherpunks@toad.com, coderpunks@toad.com
In-Reply-To: <199608272111.RAA23997@galapas.ai.mit.edu> from "Daniel Hagerty" at Aug 27, 96 05:11:39 pm
Sender: owner-cypherpunks@toad.com

Hi,

Much better, look at rfc822. (I wouldn't consider *anything* that has the word "sendmail" in it a good reference).

It's much better if you don't rely on the content of the string at all. Don't use sh -c or system and you will be safe. Simply assume that all characters are valid in user supplied strings and treat them exactly that way... If they need to be exported then unfortunately they need to be 'untainted' and this should be done by positive not negative lists as mentioned in the guidelines.

Greetings
Bernd

PS: I have collected the references on http://www.inka.de/sites/lina/freefire-l/

--
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@{lina.inka.de,linux.de}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/A2C51749  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy
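
The advice in the message above (no sh -c or system, and a positive list for anything that has to be exported), sketched in C as an added example that is not part of the original message. The function names, the allowed character set and the /bin/echo target are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Positive list (an assumed set): accept only characters known to be
 * harmless, instead of trying to enumerate the dangerous ones. */
static int is_untainted(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._-+";
    return *s != '\0' && strspn(s, ok) == strlen(s);
}

/* Run argv[0] with argv exactly as given: no sh -c, no system(), so no
 * character in an argument is ever parsed by a shell. The child's stdout
 * is captured into out. Returns the exit status, or -1 on failure. */
static int run_no_shell(char *const argv[], char *out, size_t outlen)
{
    int fd[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (outlen == 0 || pipe(fd) < 0) return -1;
    pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                      /* child: stdout -> pipe */
        close(fd[0]);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[1]);
        execv(argv[0], argv);            /* one argv slot per argument */
        _exit(127);                      /* exec failed */
    }
    close(fd[1]);
    while (used < outlen - 1 &&
           (n = read(fd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char out[256];
    char *args[] = { "/bin/echo", "a;b $HOME `id`", NULL }; /* constructed input */
    int rc = run_no_shell(args, out, sizeof out);
    printf("rc=%d untainted=%d out=%s", rc, is_untainted(args[1]), out);
    return 0;
}
```

The metacharacters reach /bin/echo as one literal argument; the positive-list check is only needed where the string must later pass through something that does interpret it.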