RE: [logs] Charset selection (Was: Re: EventLog library)

From: Rainer Gerhards (rgerhardsat_private)
Date: Thu Jan 09 2003 - 11:56:09 PST


    > A very clear explanation of the acceptance issues.
    > 
    > Like every place I've seen charsets raise their heads, this 
    > looks like a lose-lose situation.
    > 
    > We can be tolerant of anything, and know, for sure, that we 
    > will be laying groundwork for security incidents down the 
    > road, where people exploit varying interpretations of 
    > non-ASCII chars combined with over-powerful client software 
    > to break into someone's computers.
    > 
    > We can seriously try and secure our future, and suspect, if 
    > we correctly understand the real needs of some users from 
    > other cultures, that they might find our solution unusable.
    > 
    > Perhaps we should include a Security Considerations section, 
    > remarking that differing interpretation of charsets has been 
    > and will continue to be a source of security problems, so 
    > individual implementations are encouraged to validate the MSG 
    > section to the best of their ability in the face of local 
    > charset demands; e.g. a traditional Unix site using plain 
    > ASCII on all their systems may wish to use a SELP server that 
    > is configured to escape any bytes found in the MSG section 
    > that are not valid printable US-ASCII.
    > 
    > That sound like a sensible compromise?
    
    In fact, IMHO, this is a perfect one :-)
    
    Rainer
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
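
The policy suggested in the quoted message (a server that escapes any MSG bytes that are not valid printable US-ASCII), sketched as an added example that is not part of the original thread or of any SELP implementation. The function names, the `\xHH` notation and the sample messages are assumptions made for illustration; the backslash is escaped too, so stored text can never be mistaken for an escape and the original bytes stay recoverable.

```python
# Added illustration: names, escape notation and samples are assumptions.
PRINTABLE = range(0x20, 0x7F)   # space through tilde
BACKSLASH = 0x5C

def escape_msg(msg: bytes) -> str:
    """Render MSG bytes as pure printable US-ASCII text."""
    out = []
    for b in msg:
        if b == BACKSLASH:
            out.append("\\\\")          # escape the escape character itself
        elif b in PRINTABLE:
            out.append(chr(b))
        else:
            out.append("\\x%02X" % b)   # control, DEL and 8-bit bytes
    return "".join(out)

def unescape_msg(text: str) -> bytes:
    """Recover the original bytes from escaped text, e.g. for forensic review."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))
            i += 1
        elif text.startswith("\\\\", i):
            out.append(BACKSLASH)
            i += 2
        elif text.startswith("\\x", i) and len(text) >= i + 4:
            out.append(int(text[i + 2:i + 4], 16))
            i += 4
        else:
            raise ValueError("malformed escape at offset %d" % i)
    return bytes(out)

# Constructed sample MSG payloads (not taken from any real log).
SAMPLES = [
    b"login ok user=alice",
    "login failed user=Z\u00fcrich".encode("utf-8"),    # same name, two charsets
    "login failed user=Z\u00fcrich".encode("latin-1"),
    b"user=bob\nJan  9 11:56:09 host sshd: forged second line",
    b"\x1b[2Jterminal control sequence",
    b"literal \\x0A typed by the sender",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(escape_msg(raw))
```
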
    



    This archive was generated by hypermail 2b30 : Thu Jan 09 2003 - 12:41:13 PST