Date: Mon, 29 Sep 2003 20:08:33 +0100
From: Ceri Davies <ceri@FreeBSD.org>
To: Mark Lumsden <lumsden@myrealbox.com>
Cc: www@FreeBSD.org
Subject: Re: typo (i think)
Message-ID: <20030929190833.GM915@submonkey.net>
In-Reply-To: <JGEBJECMCOCCBIDFAECFMEHDCCAA.lumsden@myrealbox.com>
References: <JGEBJECMCOCCBIDFAECFMEHDCCAA.lumsden@myrealbox.com>

On Mon, Sep 29, 2003 at 05:08:53PM +0100, Mark Lumsden wrote:
> Hello,
> I'm not sure if this is the correct address to send this to or if indeed
> I've come across a typo, but on page:
>
> http://www.freebsd.org/security/security.html
>
> under the section 'Secure Programming Guidelines', in the second sentence,
> there's a part that makes sense but also doesn't quite:
>
> "Never trust any source of input, i.e. command line arguments, environment
> variables, configuration files, incoming TCP/UDP/ICMP packets, hostname
> lookups, function arguments, etc. If the length of or contents of
> the -->date<-- received is at all subject to outside control, then the
> program or function should watch for this when copying it around. Specific
> security issues to watch for in this are:"
>
> Do you think it means data?

Yes, it does. I've corrected it.

Thanks for the submission,

Ceri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030929190833.GM915>