On Thu, 23 Feb 1995, der Mouse wrote: > cleanstrcpy(), referred to several times above, is like strcpy, but it > strips newlines and copies only a restricted set of characters: > letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen, > there's no indication. Imagine if an "untrustworthy element" on your system supplied an argument with a newline embedded in it, and it was then fprintf(qf, "%s@%s\n", arg, userstring); to the queue file. You can cause extra lines to be written into the queue files, of whatever content you like, and if you choose correctly, you should be able to do some pretty horrible things. Actually, I like the approach of "explicitly listing what we know is good", rather than "exclude characters that we know of that are bad" - it's a lot safer to verify and has less suprises down the track. -Peter > der Mouse > > mouse@collatz.mcrcim.mcgill.edu