Bugtraq mailing list archives
Re: Sendmail 8.6.10: what's different?
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 24 Feb 1995 16:06:32 -0500
cleanstrcpy(), referred to several times above, is like strcpy, but it strips newlines and copies only a restricted set of characters: letters, digits, and !#$%&'*+-./^_`{|}~
The reason for that set of characters are that it is the characters that "divide" input into tokens in /bin/sh.
CERT once recommended me to use the following set of filtered characters "\"*&|$;'\\=?<>!()\n{}[]^`"
I don't quite understand what you mean. The list I quoted is characters that cleanstrcpy() _is_ willing to copy. Neither the set sendmail copies nor the set sendmail refuses to copy contains all the token delimiters in any shell I am aware of - for example, . is copied and @ isn't, but both are plain characters in every shell I know of; and ' is copied but " isn't, and both are special in every shell I know of. This is why I found the choice of characters hard to understand. I would almost think it is excluding some list of mail-addressing characters, except that it copies ! and %.... der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: Sendmail 8.6.10: what's different? der Mouse (Feb 24)
- Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 27)