Hey all,

Not sure how real the security risk is here:

    http://blog.omega-prime.co.uk/?p=107

Basically he is saying that if you store a list of blacklisted files with names encoded in big-5 (or some other non-utf8 compatible encoding), and those names are passed at the command line, or otherwise read in and decoded from an assumed-utf8 source with surrogate escaping, the surrogate-escape-decoded names will not match the properly decoded blacklisted names.

All the best,

Michael Foord

--
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html
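
The mismatch described in the message above, reproduced as an added example that is not part of the original post or the linked blog. The file name, the helper names and the choice of Big5 for the blacklist are constructed assumptions; the second check shows one mitigation, comparing on the recovered bytes.

```python
# Added illustration; all names and sample data below are constructed.
BLACKLIST_ENCODING = "big5"  # assumption: encoding the blacklist was stored in


def load_blacklist(raw_lines, encoding=BLACKLIST_ENCODING):
    """Decode blacklist entries with their real encoding (the 'proper' decode)."""
    return {line.decode(encoding) for line in raw_lines}


def argv_style_decode(raw_name):
    """Mimic an assumed-UTF-8 source: undecodable bytes become lone surrogates."""
    return raw_name.decode("utf-8", "surrogateescape")


def naive_is_blacklisted(name, blacklist):
    """String comparison only; misses surrogate-escaped names."""
    return name in blacklist


def robust_is_blacklisted(name, blacklist, encoding=BLACKLIST_ENCODING):
    """Match on text, then fall back to comparing the original bytes."""
    if name in blacklist:
        return True
    # surrogateescape round-trips: this recovers the exact bytes that were read
    raw = name.encode("utf-8", "surrogateescape")
    blocked_raw = {entry.encode(encoding) for entry in blacklist}
    return raw in blocked_raw


# Constructed sample: one blacklisted name, stored as Big5 bytes
RAW_NAME = "機密.txt".encode(BLACKLIST_ENCODING)
BLACKLIST = load_blacklist([RAW_NAME])
ARG = argv_style_decode(RAW_NAME)  # what the program sees from the command line

if __name__ == "__main__":
    print(ascii(ARG))                             # lone surrogates, not the CJK text
    print(naive_is_blacklisted(ARG, BLACKLIST))   # blacklist bypassed
    print(robust_is_blacklisted(ARG, BLACKLIST))  # caught via byte comparison
```
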
