From: Wendell Lee <wendell@singnet.com.sg>
To: cypherpunks@toad.com
Message Hash: c9b69a57aa52e5ac0401896de56594cc6ed37fa57f97394ea8f09f1674ff9068
Message ID: <304171D2.77A3@singnet.com.sg>
Reply To: N/A
UTC Datetime: 1996-08-28 09:47:21 UTC
Raw Date: Wed, 28 Aug 1996 17:47:21 +0800
From: Wendell Lee <wendell@singnet.com.sg>
Date: Wed, 28 Aug 1996 17:47:21 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Re: Code Review Guidelines (draft)]
Message-ID: <304171D2.77A3@singnet.com.sg>
MIME-Version: 1.0
Content-Type: text/plain
unsubcribe wendell@singnet.com.sg
To: hag@ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 03:30:49 +0200 (MET DST)
Cc: ichudov@algebra.com, adam@homeport.org, firewalls@greatcircle.com, cypherpunks@toad.com, coderpunks@toad.com
In-Reply-To: <199608272111.RAA23997@galapas.ai.mit.edu> from "Daniel Hagerty" at Aug 27, 96 05:11:39 pm
Sender: owner-cypherpunks@toad.com
Hi,
> Much better, look at rfc822. (I wouldn't consider *anything* that
> has the word "sendmail" in it a good reference).
its much better if you dont rely on the content of the string at all. Dont
use sh -c or system and you will be save. Simply asume that all characters
are valid in user suplied strings and treat them exactly that way... If they
need to be exporeted then unfortunately they need to be 'untainted' and this
should be done by positive not negative lists as mentioned in the
guidelines.
Greetings
Bernd
PS: I have collected the references on
http://www.inka.de/sites/lina/freefire-l/
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
o--o *plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
Return to August 1996
Return to “Wendell Lee <wendell@singnet.com.sg>”
1996-08-28 (Wed, 28 Aug 1996 17:47:21 +0800) - [Fwd: Re: Code Review Guidelines (draft)] - Wendell Lee <wendell@singnet.com.sg>