Subject: Re: finger
To: None <>
From: David Laight <>
List: tech-userlevel
Date: 09/12/2002 11:22:53
> 128-160 are control characters in iso-8859-*, so they are not safe
> to pass without character set protocol extension.
> > Default should be defensive, shoudn't it?
> Yes. Default of passing 33-127, 161-255 (in both finger and fingerd)
> is as defensive, interop-friendly and convenient as we can get.

I presume you mean to include 32 (space) and 160?

Passing 128-159 is definitely very dangerous, it is possible
to download the 'answerback' sequence of a serial terminal
(vt100 emulaters should do this as well) and then request
that it be generated.

Some people where I worked got VERY confused by a filename
than requested the answerback sequence!  The output of 'ls'
was somewhat confusing to say the least.
(fortunately this wasn't malicious)


David Laight: