From: Adam Shostack <adam@homeport.org>
To: ichudov@algebra.com
Message Hash: d946a0e846eb95a329ce90adf1de4e8cd3bdb0a5bfb14e6eec92a2fe09b389bd
Message ID: <199608291548.KAA07041@homeport.org>
Reply To: <199608271620.LAA10933@manifold.algebra.com>
UTC Datetime: 1996-08-29 17:35:22 UTC
Raw Date: Fri, 30 Aug 1996 01:35:22 +0800
Subject: Re: Code Review Guidelines (draft)
MIME-Version: 1.0
Content-Type: text
Igor, and many others who commented on the fact that many characters
are legal in email are correct. However, with the exception of '-'
and '+', I'm not sure if I'll be changing the body of the guidelines.
My issue is that dealing with a wide variety of characters that are
legitimate, such as "cat ../../../etc/passwd"@foo.com is more
dangerous than only accepting the common case of user@host.net.
The number of addresses such as harvard!adam is dropping as the number
of 'normal' addresses grows.
Igor Chudov @ home wrote:
| Adam Shostack wrote:
| > http://www.homeport.org/~adam/review.html
| In part " V.Code (Security Issues)/3.Data Checking" you say the following:
|
| `` Data coming in to Acme Widgets should be checked very carefully for
| appropriateness. This check should be to see if the data is what
| is expected (length, characters). Making a list of bad
| characters is not the way to go; the lists are rarely complete.
| A secure program should know what it expects, and reject other
| input. (For example, if you are looking for an email address,
| don't check to see if it contains a semi-colon or a newline,
| check to see if it contains anything other than a [A-Za-z0-9._]
| followed by an @, followed by a hostname [A-Za-z0-9._].)''
| END QUOTE
|
| That is not entirely correct. An email address is much more than
| that, it can contain "!", several "@" characters (not next to each other
| though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
| and all emails can have "+" and "-" and "_" in them.
|
| Some of the valid email addresses are
|
| user_name@company.com
| alex+@pitt.edu
| mi%aldan.UUCP@algebra.com
| user%host.domain@anon.penet.fi
| host1!host2!user
|
| Look at your sendmail.cf file for a humongous amount of
| email parsing rules.
|
| Thanks for an excellent document though, I put a link to it from my
| intranet page.
You're welcome.
| - Igor "Code Obscurity Creates Job Security" Chudov.
|
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
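As an added illustration of the trade-off discussed in this message (example code, not from the review guidelines or from either poster): the draft's allow-list rule, extended with '+' and '-' as Adam says he will, beside the kind of bad-character check the draft argues against. The sample addresses are the ones quoted in the thread; the length bounds on each part are an assumption of this example.

```python
import re

# Allow-list pattern from the review draft's "Data Checking" rule: a local part
# of [A-Za-z0-9._], an '@', then a hostname of [A-Za-z0-9._]. Extended here with
# '+' and '-', the two characters Adam says he will add, and bounded in length
# (assumed limits) so oversized input is rejected rather than merely scanned.
_LOCAL_PART = r"[A-Za-z0-9._+-]{1,64}"
_HOST_PART = r"[A-Za-z0-9._-]{1,255}"
ALLOW_RE = re.compile(rf"^{_LOCAL_PART}@{_HOST_PART}$")


def allowlist_ok(addr: str) -> bool:
    """Accept only the common user@host.net shape; anything else is rejected."""
    return ALLOW_RE.fullmatch(addr) is not None


# The approach the draft argues against: a list of known-bad characters.
# Everything not on the list passes, including quoted local parts.
BAD_CHARS = frozenset(";\n")


def denylist_ok(addr: str) -> bool:
    """Reject only if a listed bad character appears."""
    return not any(c in BAD_CHARS for c in addr)


# Constructed sample inputs: the legitimate forms Igor lists, plus the
# quoted-local-part address Adam gives as input he would rather not handle.
SAMPLES = [
    "user_name@company.com",
    "alex+@pitt.edu",
    "mi%aldan.UUCP@algebra.com",
    "user%host.domain@anon.penet.fi",
    "host1!host2!user",
    '"cat ../../../etc/passwd"@foo.com',
]


def classify(addrs=SAMPLES):
    """Map each address to (allow-list verdict, deny-list verdict)."""
    return {a: (allowlist_ok(a), denylist_ok(a)) for a in addrs}


if __name__ == "__main__":
    for addr, (allowed, not_denied) in classify().items():
        print(f"{addr!r:40} allow-list={allowed!s:5} deny-list={not_denied}")
```

The output makes the trade-off concrete: the allow-list rejects the quoted address that the deny-list lets through, at the cost of also rejecting the rarer '%' and '!' forms Igor lists.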