Great Circle Associates Firewalls
(August 1996)
 


Subject: Re: Code Review Guidelines (draft)
From: Adam Shostack <adam @ homeport . org>
Date: Thu, 29 Aug 1996 10:48:36 -0500 (EST)
To: ichudov @ algebra . com
Cc: firewalls @ greatcircle . com, cypherpunks @ toad . com, c @ homeport . org
In-reply-to: <199608271620 . LAA10933 @ manifold . algebra . com> from "Igor Chudov @ home" at Aug 27, 96 11:20:56 am

Igor, and many others who commented on the fact that many characters
are legal in email are correct.  However, with the exception of '-'
and '+', I'm not sure if I'll be changing the body of the guidelines.
My issue is that dealing with a wide variety of characters that are
legitimate, such as "cat ../../../etc/passwd"@foo.com is more
dangerous than only accepting the common case of user@host.net.

The number of addresses such as harvard!adam is dropping as the number
of 'normal' addresses grows.


Igor Chudov @ home wrote:
| Adam Shostack wrote:
| > http://www.homeport.org/~adam/review.html

| In part " V.Code (Security Issues)/3.Data Checking" you say the following:
| 
| `` Data coming in to Acme Widgets should be checked very carefully for
|         appropriateness. This check should be to see if the data is what
|         is expected (length, characters). Making a list of bad
|         characters is not the way to go; the lists are rarely complete.
|         A secure program should know what it expects, and reject other
|         input. (For example, if you are looking for an email address,
|         don't check to see if it contains a semi-colon or a newline,
|         check to see if it contains anything other than a [A-Za-z0-9._]
|         followed by an @, followed by a hostname [A-Za-z0-9._].)''
| END QUOTE
| 
| That is not entirely correct. An email address is much more than
| that, it can contain "!", several "@" characters (not next to each other
| though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
| and all emails can have "+" and "-" and "_" in them. 
| 
| Some of the valid email addresses are
| 
| user_name@company.com
| alex+@pitt.edu
| mi%aldan.UUCP@algebra.com
| user%host.domain@anon.penet.fi
| host1!host2!user
| 
| Look at your sendmail.cf file for a humongous amount of 
| email parsing rules.
| 
| Thanks for an excellent document though, I put a link to it from my
| intranet page.

	You're welcome.

| 	- Igor "Code Obscurity Creates Job Security" Chudov.
| 

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
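
The allowlist check debated in this thread, as an added example that is not part of the original messages or of the guidelines document: it accepts only the common user@host.net shape, using the guideline's [A-Za-z0-9._] class plus the '-' and '+' mentioned in the reply, and shows which of the addresses quoted above it deliberately turns away. The length limits, the hostname label rule and the two hostile inputs are assumptions constructed for the example.

```python
import re

# Allowlist from the quoted guideline ([A-Za-z0-9._]) plus the '-' and '+'
# the reply says may be added. Assumption: '-' is also allowed inside
# hostname labels, and the length limits below are chosen for this example.
LOCAL = r"[A-Za-z0-9._+-]{1,64}"
HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
ADDRESS = re.compile(rf"{LOCAL}@{HOST_LABEL}(?:\.{HOST_LABEL})+")

MAX_LEN = 254  # assumed overall length limit


def is_expected_address(value):
    """Return True only for the common user@host.net shape."""
    if not isinstance(value, str) or len(value) > MAX_LEN:
        return False
    # fullmatch, not match() with '$': '$' also matches before a trailing
    # newline, which would let "user@host.net\n" through.
    return ADDRESS.fullmatch(value) is not None


def classify(addresses):
    """Split inputs into (accepted, rejected) lists, preserving order."""
    accepted, rejected = [], []
    for addr in addresses:
        (accepted if is_expected_address(addr) else rejected).append(addr)
    return accepted, rejected


# Addresses taken from the thread, plus two constructed hostile inputs.
SAMPLES = [
    "user_name@company.com",
    "alex+@pitt.edu",
    "mi%aldan.UUCP@algebra.com",
    "user%host.domain@anon.penet.fi",
    "host1!host2!user",
    '"cat ../../../etc/passwd"@foo.com',
    "user@host.net\n",    # constructed: trailing newline
    "user@host.net;id",   # constructed: shell metacharacter
]

if __name__ == "__main__":
    ok, bad = classify(SAMPLES)
    print("accepted:", ok)
    print("rejected:", bad)
```

The '%' and '!' routed forms are rejected along with the hostile inputs; that is the trade-off the reply accepts in exchange for not having to handle quoted local parts.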


