Subject: Re: finger
To: None <tech-userlevel@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 09/12/2002 11:40:43

> Please just make finger{,d} pass safe subset of 8bit [...]

Part of the trouble is, fingerd has no idea what "safe subset of 8bit"
is for the client.  It could pass anything and let the client deal, but
that can break clients that aren't smart enough to filter.

Assuming that 8859-* printables are safe isn't right; the safe set
could be larger or smaller than that - for example, there is an
encoding of Japanese that involves ESC-$-B and ESC-(-B, making them
safe for a client using such an encoding, and on a 7-bit link, anything
with the high bit set can turn into parity errors, and even if you
could count on stripping the 0x80 bit, that turns 0xff (printable in
8859-1 and at least some other 8859-* sets) into DEL.

finger, of course, can be as paranoid as is called for.  But fingerd
has to interoperate with clients of unknown provenance, and all it can
really count on is ASCII printables, plus CRLF for line breaks.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
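
An added example, not part of the original post and not NetBSD fingerd code: a server-side filter that emits only ASCII printables plus CRLF, next to the high-bit-stripping shortcut that turns 0xff into DEL. The function names and the choice to substitute '?' for rejected bytes (rather than dropping them) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The shortcut the post warns about: masking off the 0x80 bit turns
 * 0xff (printable in ISO 8859-1) into 0x7f, which is DEL. */
static unsigned char strip_high_bit(unsigned char c)
{
    return c & 0x7f;
}

/* Hypothetical helper, not NetBSD fingerd code. Copies in[] to out[],
 * passing only ASCII printables (0x20..0x7e) and writing CRLF for each
 * line break (LF or CRLF on input). Everything else, including ESC, DEL,
 * TAB, a bare CR and any byte with the high bit set, becomes '?'.
 * Returns the number of bytes written, or (size_t)-1 if out[] is full. */
size_t fingerd_sanitize(const unsigned char *in, size_t inlen,
                        unsigned char *out, size_t outcap)
{
    size_t o = 0;

    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];

        if (c == '\r' && i + 1 < inlen && in[i + 1] == '\n')
            continue;           /* the following LF emits the CRLF */
        if (c == '\n') {
            if (outcap - o < 2)
                return (size_t)-1;
            out[o++] = '\r';
            out[o++] = '\n';
        } else {
            if (o >= outcap)
                return (size_t)-1;
            out[o++] = (c >= 0x20 && c <= 0x7e) ? c : '?';
        }
    }
    return o;
}

int main(void)
{
    /* Constructed sample: Latin-1 e-acute, ESC $ B, 0xff, LF. */
    const unsigned char in[] = { 'a', 0xe9, 0x1b, '$', 'B', 0xff, '\n' };
    unsigned char out[32];
    size_t n = fingerd_sanitize(in, sizeof in, out, sizeof out);

    if (n != (size_t)-1)
        fwrite(out, 1, n, stdout);
    printf("0xff & 0x7f = 0x%02x\n", strip_high_bit(0xff));
    return 0;
}
```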