Actually, someone made the point -- what if you log request *headers* and someone puts a malicious byte sequence in that header? What's the rule around escaping the header values? What about every other code path where a remote user can write unfiltered bytes to a file on the server (logfile, etc.).
Essentially, the vulnerability here isn't in applications that write these bytes to files, but specific terminal applications that are weak and should be fixed. Otherwise, "cat" is potentially "vulnerable" and that's a ridiculous position to hold.

On 9/13/10 4:46 PM, Tom Jackson wrote:
> Anyway, it is critical to examine and normalize the request uri asap
> and act quickly when presented with invalid chars.

--
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
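An added example (not AOLserver code and not from anyone on this thread) of the escaping rule the first paragraph asks about: a small C routine that rewrites a client-supplied header value before it is appended to a log, so that whatever viewer later reads the file never sees raw control bytes. The function names `log_escape` / `log_escape_str` and the sample User-Agent value are my own construction.

```c
#include <stdio.h>
#include <string.h>

/* Escape a raw header value for logging. Every byte outside printable
 * ASCII (0x20..0x7e), plus backslash so the escaping stays unambiguous,
 * is written as \xNN. Returns the length the fully escaped value needs
 * (excluding the NUL); if that exceeds outlen-1 the output is truncated
 * but still NUL-terminated. Hypothetical helper, not an AOLserver API. */
size_t log_escape(const unsigned char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t needed = 0, o = 0;

    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        if (c >= 0x20 && c <= 0x7e && c != '\\') {
            needed += 1;
            if (o + 1 < outlen) out[o++] = (char)c;
        } else {
            /* ESC (0x1b), a raw 0x9b CSI or its UTF-8 form 0xc2 0x9b, DEL,
             * CR/LF (which would split or forge log lines) and '\' all land
             * here. Non-ASCII UTF-8 is escaped too; that costs readability
             * but the value is chosen by a remote client, so be strict. */
            needed += 4;
            if (o + 4 < outlen) {
                out[o++] = '\\'; out[o++] = 'x';
                out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0f];
            }
        }
    }
    if (outlen > 0) out[o] = '\0';
    return needed;
}

/* Convenience wrapper for NUL-terminated C strings. */
size_t log_escape_str(const char *in, char *out, size_t outlen)
{
    return log_escape((const unsigned char *)in, strlen(in), out, outlen);
}

int main(void)
{
    /* Constructed User-Agent value carrying an ESC-based clear-screen sequence. */
    const char ua[] = "Mozilla/5.0 \x1b[2J";
    char buf[128];
    log_escape_str(ua, buf, sizeof buf);
    printf("User-Agent: %s\n", buf); /* prints "User-Agent: Mozilla/5.0 \x1b[2J" */
    return 0;
}
```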