[1075] in bugtraq
Re: Sendmail 8.6.10: what's different?
daemon@ATHENA.MIT.EDU (Christian Wettergren)
Fri Feb 24 12:09:10 1995
To: Peter Wemm <peter@haywire.DIALix.COM>
Cc: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>, bugtraq@fc.net
In-Reply-To: Your message of Fri, 24 Feb 95 11:07:13 +0800. <Pine.SV4.3.91.950224105300.14319D-100000@haywire.DIALix.COM>
Date: Fri, 24 Feb 95 15:32:59 +0100
From: Christian Wettergren <cwe@it.kth.se>
| On Thu, 23 Feb 1995, der Mouse wrote:
| > cleanstrcpy(), referred to several times above, is like strcpy, but it
| > strips newlines and copies only a restricted set of characters:
| > letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen,
| > there's no indication.
The reason for that set of characters is that they are the characters that
"divide" input into tokens in /bin/sh.
CERT once recommended that I use the following set of filtered characters:
'"', '*', '&', '|', '$', ';', '`', '\', '=', '?', '<', '>',
'!', '(', ')', '\n', '{', '}', '[', ']', '^', '`'
that is "\"*&|$;'\\=?<>!()\n{}[]^`"
If we diff the two sets, we get
common: !$*&|'^`{}
sendmail: #%+-./_~
cert: ";\=?<>()\n[]
There are a few missing above that maybe should be included, like
'[' and ']'. There are also a number of additional characters '#', '%',
'+', '-', '.', '/', '_' and '~', which I take as erring on the safe side,
like avoiding the possibility of specifying paths and arguments to programs.
| Actually, I like the approach of "explicitly listing what we know is
| good", rather than "exclude characters that we know of that are bad" -
| it's a lot safer to verify and has less surprises down the track.
Do you mean that one could miss a few of them? Unthinkable! :-)
/Christian Wettergren
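As an added illustration (not code from the thread, and not sendmail's own cleanstrcpy()), the following Python sketch implements the two filtering styles discussed in this exchange: an allowlist copy in the spirit of cleanstrcpy() as der Mouse describes it, and a denylist filter using the CERT set Christian quotes. It also reproduces the common/sendmail/cert split from the message. The character sets come from the message; the function names, the length bound on the allowlist copy, and the sample input are assumptions of this example.

```python
import string

# Character sets as given in the thread (not taken from sendmail's source).
ALNUM = set(string.ascii_letters + string.digits)
SENDMAIL_PUNCT = set("!#$%&'*+-./^_`{|}~")        # punctuation cleanstrcpy() copies
SENDMAIL_ALLOWED = ALNUM | SENDMAIL_PUNCT           # everything else is dropped
CERT_FILTERED = set("\"*&|$;'\\=?<>!()\n{}[]^`")   # characters CERT said to strip


def cleanstrcpy_like(src: str, maxlen: int = 256) -> str:
    """Allowlist copy: keep only characters in SENDMAIL_ALLOWED.

    The maxlen bound (copy at most maxlen-1 characters, like a sized C copy)
    is an assumption of this example; the thread does not describe it.
    """
    kept = [c for c in src if c in SENDMAIL_ALLOWED]
    return "".join(kept[: maxlen - 1])


def cert_filter(src: str) -> str:
    """Denylist copy: drop only the characters in CERT_FILTERED, keep all others."""
    return "".join(c for c in src if c not in CERT_FILTERED)


def compare_sets() -> dict:
    """Reproduce the three-way split Christian gives in the message."""
    return {
        "common": SENDMAIL_PUNCT & CERT_FILTERED,
        "sendmail": SENDMAIL_PUNCT - CERT_FILTERED,
        "cert": CERT_FILTERED - SENDMAIL_PUNCT,
    }


def show(src: str) -> dict:
    """Run both filters over one input and report what each lets through."""
    return {"allowlist": cleanstrcpy_like(src), "denylist": cert_filter(src)}


if __name__ == "__main__":
    for name, chars in compare_sets().items():
        print(f"{name:9s} {''.join(sorted(chars))!r}")
    # Constructed sample input: a plausible local part plus a newline and a pipe.
    sample = "joe.bloggs+list\n|x"
    for style, result in show(sample).items():
        print(f"{style:9s} {result!r}")
```

The asymmetry is what Peter's remark is about: the allowlist rejects anything it was not told to keep (a '@' or a space goes too, since neither is in the listed set), so its behaviour on unexpected input is easy to verify, while the denylist passes anything it was not told about, so every omission from the list becomes a surprise.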