1996-08-28 - Re: Code Review Guidelines (draft)
Header Data
From: lists@lina.inka.de (Bernd Eckenfels)
To: hag@ai.mit.edu
Message Hash: a8f52b40289821cb24f0b736789c9100f93e5c38262617254c5a504b430542e8
Message ID: <m0uvZT1-0004kIC@lina>
Reply To: <199608272111.RAA23997@galapas.ai.mit.edu>
UTC Datetime: 1996-08-28 04:24:14 UTC
Raw Date: Wed, 28 Aug 1996 12:24:14 +0800
Raw message
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 12:24:14 +0800
To: hag@ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608272111.RAA23997@galapas.ai.mit.edu>
Message-ID: <m0uvZT1-0004kIC@lina>
MIME-Version: 1.0
Content-Type: text/plain
Hi,
> Much better, look at rfc822. (I wouldn't consider *anything* that
> has the word "sendmail" in it a good reference).
its much better if you dont rely on the content of the string at all. Dont
use sh -c or system and you will be save. Simply asume that all characters
are valid in user suplied strings and treat them exactly that way... If they
need to be exporeted then unfortunately they need to be 'untainted' and this
should be done by positive not negative lists as mentioned in the
guidelines.
Greetings
Bernd
PS: I have collected the references on
http://www.inka.de/sites/lina/freefire-l/
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
o--o *plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
Thread
Return to August 1996
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “Daniel Hagerty <hag@ai.mit.edu>”
- Return to “ichudov@algebra.com (Igor Chudov @ home)”
- Return to “lists@lina.inka.de (Bernd Eckenfels)”
Return to ““Mark O. Aldrich” <maldrich@grci.com>”
- 1996-08-27 (Tue, 27 Aug 1996 12:46:43 +0800) - Code Review Guidelines (draft) - Adam Shostack <adam@homeport.org>
- 1996-08-27 (Wed, 28 Aug 1996 04:42:29 +0800) - Re: Code Review Guidelines (draft) - ichudov@algebra.com (Igor Chudov @ home)
- 1996-08-27 (Wed, 28 Aug 1996 06:51:55 +0800) - Re: Code Review Guidelines (draft) - “Mark O. Aldrich” <maldrich@grci.com>
- 1996-08-29 (Fri, 30 Aug 1996 01:35:22 +0800) - Re: Code Review Guidelines (draft) - Adam Shostack <adam@homeport.org>
- 1996-08-29 (Fri, 30 Aug 1996 02:55:56 +0800) - Re: Code Review Guidelines (draft) - ichudov@algebra.com (Igor Chudov @ home)
- 1996-08-29 (Fri, 30 Aug 1996 02:43:31 +0800) - Re: Code Review Guidelines (draft) - Adam Shostack <adam@homeport.org>
- 1996-08-29 (Fri, 30 Aug 1996 02:55:56 +0800) - Re: Code Review Guidelines (draft) - ichudov@algebra.com (Igor Chudov @ home)
- 1996-08-28 (Wed, 28 Aug 1996 08:12:30 +0800) - Re: Code Review Guidelines (draft) - Daniel Hagerty <hag@ai.mit.edu>
- 1996-08-28 (Wed, 28 Aug 1996 12:24:14 +0800) - Re: Code Review Guidelines (draft) - lists@lina.inka.de (Bernd Eckenfels)
- 1996-08-29 (Fri, 30 Aug 1996 02:23:57 +0800) - Re: Code Review Guidelines (draft) - Adam Shostack <adam@homeport.org>
- 1996-08-28 (Wed, 28 Aug 1996 12:24:14 +0800) - Re: Code Review Guidelines (draft) - lists@lina.inka.de (Bernd Eckenfels)
- 1996-08-27 (Wed, 28 Aug 1996 04:42:29 +0800) - Re: Code Review Guidelines (draft) - ichudov@algebra.com (Igor Chudov @ home)