Date: Mon, 29 Sep 2003 20:08:33 +0100
From: Ceri Davies
To: Mark Lumsden
cc: www@FreeBSD.org
Subject: Re: typo (i think)
Message-ID: <20030929190833.GM915@submonkey.net>
List-Id: FreeBSD Project Webmasters

On Mon, Sep 29, 2003 at 05:08:53PM +0100, Mark Lumsden wrote:
> Hello,
> I'm not sure if this is the correct address to send this to or if indeed
> I've come across a typo, but on page:
>
> http://www.freebsd.org/security/security.html
>
> under the section 'Secure Programming Guidelines', in the second sentence,
> there's a part that makes sense but also doesn't quite:
>
> "Never trust any source of input, i.e. command line arguments, environment
> variables, configuration files, incoming TCP/UDP/ICMP packets, hostname
> lookups, function arguments, etc. If the length of or contents of
> the -->date<-- received is at all subject to outside control, then the
> program or function should watch for this when copying it around. Specific
> security issues to watch for in this are:"
>
> Do you think it means data?

Yes, it does. I've corrected it.

Thanks for the submission,

Ceri