Re: Sendmail 8.6.10: what's different?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Stephen Gildea: "Re: X keyboard sniffing"
• Previous message: der Mouse: "Re: I still don't buy that sendmail is "fixed"."
• Maybe in reply to: der Mouse: "Sendmail 8.6.10: what's different?"
• Next in thread: Christian Wettergren: "Re: Sendmail 8.6.10: what's different?"

>> cleanstrcpy(), referred to several times above, is like strcpy, but
>> it strips newlines and copies only a restricted set of characters:
>> letters, digits, and !#$%&'*+-./^_`{|}~

> The reason for that set of characters are that it is the characters
> that "divide" input into tokens in /bin/sh.

> CERT once recommended me to use the following set of filtered
> characters "\"*&|$;'\\=?<>!()\n{}[]^`"

I don't quite understand what you mean.  The list I quoted is
characters that cleanstrcpy() _is_ willing to copy.  Neither the set
sendmail copies nor the set sendmail refuses to copy contains all the
token delimiters in any shell I am aware of - for example, . is copied
and @ isn't, but both are plain characters in every shell I know of;
and ' is copied but " isn't, and both are special in every shell I know
of.  This is why I found the choice of characters hard to understand.
I would almost think it is excluding some list of mail-addressing
characters, except that it copies ! and %....

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

• Next message: Stephen Gildea: "Re: X keyboard sniffing"
• Previous message: der Mouse: "Re: I still don't buy that sendmail is "fixed"."
• Maybe in reply to: der Mouse: "Sendmail 8.6.10: what's different?"
• Next in thread: Christian Wettergren: "Re: Sendmail 8.6.10: what's different?"