1996-08-28 - [Fwd: Re: Code Review Guidelines (draft)]

Header Data

From: Wendell Lee <wendell@singnet.com.sg>
To: cypherpunks@toad.com
Message Hash: c9b69a57aa52e5ac0401896de56594cc6ed37fa57f97394ea8f09f1674ff9068
Message ID: <304171D2.77A3@singnet.com.sg>
Reply To: N/A
UTC Datetime: 1996-08-28 09:47:21 UTC
Raw Date: Wed, 28 Aug 1996 17:47:21 +0800

Raw message

From: Wendell Lee <wendell@singnet.com.sg>
Date: Wed, 28 Aug 1996 17:47:21 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Re: Code Review Guidelines (draft)]
Message-ID: <304171D2.77A3@singnet.com.sg>
MIME-Version: 1.0
Content-Type: text/plain

unsubcribe wendell@singnet.com.sg


To: hag@ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 03:30:49 +0200 (MET DST)
Cc: ichudov@algebra.com, adam@homeport.org, firewalls@greatcircle.com,       cypherpunks@toad.com, coderpunks@toad.com
In-Reply-To: <199608272111.RAA23997@galapas.ai.mit.edu> from "Daniel Hagerty" at Aug 27, 96 05:11:39 pm
Sender: owner-cypherpunks@toad.com

Hi,

>     Much better, look at rfc822.  (I wouldn't consider *anything* that
> has the word "sendmail" in it a good reference).

its much better if you dont rely on the content of the string at all. Dont
use sh -c or system and you will be save. Simply asume that all characters
are valid in user suplied strings and treat them exactly that way... If they
need to be exporeted then unfortunately they need to be 'untainted' and this
should be done by positive not negative lists as mentioned in the
guidelines.

Greetings
Bernd

PS: I have collected the references on
http://www.inka.de/sites/lina/freefire-l/
-- 
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )   ecki@{lina.inka.de,linux.de}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/A2C51749  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy





Thread