[657] in linux-security and linux-alert archive
Re: [linux-security] two comments..
daemon@ATHENA.MIT.EDU (Wietse Venema)
Thu Apr 4 15:02:09 1996
From: wietse@wzv.win.tue.nl (Wietse Venema)
To: hobbit@avian.org (*Hobbit*)
Date: Thu, 4 Apr 96 20:06:01 MET DST
Cc: linux-security@tarsier.cv.nrao.edu, best-of-security@suburbia.net
In-Reply-To: <199604031802.NAA20575@narq.avian.org>; from "*Hobbit*" at Apr 3, 96 1:02 pm
*Hobbit* wrote:
[lookup tables that can fill an entire screen]
Hobbit, with due respect, these tables make it rather difficult to spot
at a glance what is being allowed and what not. In the problem at hand,
speed is really not an issue; ease of verification should come first.
Here is my suggestion, taken from the tcp wrapper. Any oversight in the
set of allowed characters is easily identified.
static char ok_chars[] = "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ";
...
for (cp = stuff; *(cp += strspn(cp, ok_chars)); /* */ )
    *cp = '_';
Perhaps it is time to impose an ECO tax on every line of code written.
Wietse
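
The strspn() loop from the message above, as a compilable example added here (not part of the original post and not the tcp wrapper source), with a small check that supports the "easily identified" claim by comparing the allowed set against characters a reviewer would never want in it. The names sanitize, audit_allowed and never_ok, and the contents of never_ok, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Allowed set from the message, as adjacent string literals: with backslash
 * continuations, any indentation on the next line would join the set. */
static const char ok_chars[] = "1234567890!@%-_=+:,./"
                               "abcdefghijklmnopqrstuvwxyz"
                               "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Assumption for this example: characters a reviewer never wants allowed
 * (whitespace, quotes, shell metacharacters). */
static const char never_ok[] = " \t\r\n\"'`$&;|<>()[]{}*?~#\\^";

/* Replace every byte outside `allowed` with '_' and return the count.
 * '_' must itself be in `allowed`, or the loop never advances. */
static size_t sanitize(char *s, const char *allowed)
{
    size_t replaced = 0;
    char *cp;

    if (s == NULL)
        return 0;
    for (cp = s; *(cp += strspn(cp, allowed)); /* */ ) {
        *cp = '_';
        replaced++;
    }
    return replaced;
}

/* Review aid: count members of `allowed` that also appear in `forbidden`. */
static size_t audit_allowed(const char *allowed, const char *forbidden)
{
    size_t hits = 0;
    const char *p;

    for (p = allowed; (p = strpbrk(p, forbidden)) != NULL; p++)
        hits++;
    return hits;
}

int main(void)
{
    char host[] = "host.example`x`;y\n";   /* constructed input */
    size_t n = sanitize(host, ok_chars);

    printf("%s (%lu replaced, %lu audit hits)\n", host, (unsigned long)n,
           (unsigned long)audit_allowed(ok_chars, never_ok));
    return 0;
}
```

Bytes with the high bit set (for example UTF-8 sequences) are outside the allowed set, so each one is replaced individually.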