>See attached. I am concerned with the method in the passive breakin
>section. This particular problem seems to be relatively easy to fix
>and is just a result of the naivete of the Mosaic programmers. i.e.
>don't trust text that a server gives you and build up a command to the
>shell from it without "sanitizing" the input first.

I hadn't even realized that it builds up a shell command
based on what you tell it. That's bad news. Because "sanitizing" it
generally means "trying to guess what stupidities the other guy
might have pulled." That leads to an arms race to see who can
come up with more stupid ideas faster. :)

This is kind of unfortunate -- the UNIX community has
learned the hard way that system()ing something someone gives you
is asking for trouble. Even uucp had functionality to let the
administrator specify only what commands could be exec()ed -- and
even then you had to make sure someone didn't slip a wicked
option past you. One problem with programming is that it's a
field that is changing so rapidly, nobody learns from mistakes
that were made as recently as 10 years ago. :(
mjr.
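
An illustration of the approach the reply describes (a fixed list of commands that may be exec()ed, a check for an option slipped in, and no shell in between), added here as an example and not code from Mosaic, uucp, or either poster. The allowlist contents and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical allowlist: absolute paths of the only helpers that may run. */
static const char *const ALLOWED[] = { "/bin/cat", "/usr/bin/wc", NULL };

/* Return the allowlisted entry equal to prog, or NULL if it is not listed. */
const char *allowed_program(const char *prog) {
    for (size_t i = 0; ALLOWED[i]; i++)
        if (strcmp(prog, ALLOWED[i]) == 0) return ALLOWED[i];
    return NULL;
}

/* Build argv for one helper plus one untrusted operand (e.g. a name sent by
 * a server). Returns 0 on success, -1 if the request is refused. */
int build_argv(const char *prog, const char *untrusted, const char *argv[4]) {
    const char *path = allowed_program(prog);
    if (!path || !untrusted || untrusted[0] == '\0') return -1;
    if (untrusted[0] == '-') return -1;  /* would be parsed as an option */
    argv[0] = path;
    argv[1] = "--";       /* end of options, for helpers that honour it */
    argv[2] = untrusted;  /* one argument; no shell ever interprets it */
    argv[3] = NULL;
    return 0;
}

/* Run the helper with fork/execv instead of system(); exit status or -1. */
int run_helper(const char *prog, const char *untrusted) {
    const char *argv[4];
    if (build_argv(prog, untrusted, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed input: the ';' is part of a file name, not a command. */
    printf("%d\n", run_helper("/bin/cat", "/tmp/x; echo injected"));
    return 0;
}
```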