Subject: Re: finger
To: None <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 09/12/2002 11:22:53
> 128-160 are control characters in iso-8859-*, so they are not safe
> to pass without character set protocol extension.
> > Default should be defensive, shoudn't it?
> Yes. Default of passing 33-127, 161-255 (in both finger and fingerd)
> is as defensive, interop-friendly and convenient as we can get.
I presume you mean to include 32 (space) and 160?
Passing 128-159 is definitely very dangerous, it is possible
to download the 'answerback' sequence of a serial terminal
(vt100 emulaters should do this as well) and then request
that it be generated.
Some people where I worked got VERY confused by a filename
than requested the answerback sequence! The output of 'ls'
was somewhat confusing to say the least.
(fortunately this wasn't malicious)
David Laight: email@example.com