Filename problem
Glenn Steen
glenn.steen at gmail.com
Fri Jun 23 09:38:08 IST 2006
On 22/06/06, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> On Thu 22 Jun 06, at 21:08, Jethro R Binks wrote:
>
> > On Thu, 22 Jun 2006, Scott Silva wrote:
> >
> >> You need to look in the logs to get more detail, as the filename
> >> in the
> >> response message is "sanitized", and the real name could be much
> >> longer.
> >
> > Well there's the thing. I recall Julian saying reasonably recently
> > that
> > it wasn't possible to put the "real" or "original" filename in any
> > logs
> > _without_ sanitising it -- for obvious reasons. Which often makes it
> > difficult to enter into a discussion with the user about the nature
> > of the
> > original filename, other than guesswork.
> >
> > Jethro.
>
> That is indeed a problem. But the alternative is someone embedding
> nasty things in a filename for an attachment knowing full well that
> all their text will get inserted into an email message. If they can
> put a virus in the Subject: line (which can be done) then this is
> child's play.
> Fancy a very long filename causing a stack overflow in your syslogd
> to exploit a vulnerability resulting in arbitrary code execution?
> Didn't think so.
>
> So I don't ever store any unsanitised data anywhere.
>
Very sound thinking. Could one have the actual byte count in the log
though? "original length: .... bytes"? Would perhaps simplify the
"discussions" with the users...:-). (Or is that already done? I'm
"preparing" for the traditional midsummer's
eve celebrations, so don't really have my head turned on:-)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
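The two points raised above (Julian's: nothing attacker-controlled goes into a log unsanitised, because a filename can carry CR/LF to forge log records or be long enough to stress syslogd; Glenn's: log the original byte count so the real name can still be discussed with the user) are illustrated by the following added example. It is not MailScanner's own code and does not reproduce its sanitiser; the ASCII allow-list, the 64-byte cap, the log line layout and the `EXAMPLE-MSGID` queue id are assumptions made for the demo. A short SHA-256 prefix of the raw name is logged alongside the length so an admin can confirm what a user says they sent without the raw bytes ever being stored.

```python
import hashlib
import re

# Illustrative sanitiser for attacker-controlled attachment filenames before
# they are logged. Added example, not MailScanner's own code. The allow-list,
# the 64-byte cap and the log line layout are assumptions for the demo.

MAX_LOGGED_NAME = 64                       # assumed cap on the sanitised name
SAFE_CHAR = re.compile(r"[A-Za-z0-9._-]")  # assumed conservative allow-list


def sanitize_filename_for_log(raw: bytes, max_len: int = MAX_LOGGED_NAME) -> dict:
    """Produce a log-safe summary of a filename without storing the name itself.

    Every byte outside the ASCII allow-list (CR, LF, NUL, quotes, spaces and
    all non-ASCII included) becomes '_', so a name cannot inject a forged log
    record or push raw bytes at syslogd. The result is capped at max_len so a
    4000-byte name cannot become a 4000-byte log line. The original byte count
    and a SHA-256 prefix are kept so the name can still be discussed with the
    user.
    """
    out = []
    replaced = 0
    for b in raw:
        if b < 0x80 and SAFE_CHAR.match(chr(b)):
            out.append(chr(b))
        else:
            out.append("_")
            replaced += 1
    sanitized = "".join(out)
    truncated = len(sanitized) > max_len
    return {
        "sanitized": sanitized[:max_len],
        "truncated": truncated,
        "replaced": replaced,                 # how many bytes were rewritten
        "original_length": len(raw),          # the count Glenn asked for
        "sha256_prefix": hashlib.sha256(raw).hexdigest()[:16],
    }


def format_log_line(msgid: str, raw_filename: bytes) -> str:
    """Build one log line; only sanitised fields are interpolated.

    msgid is assumed to be the MTA's own queue id, not user-supplied data.
    """
    info = sanitize_filename_for_log(raw_filename)
    flags = " truncated" if info["truncated"] else ""
    return (
        f'{msgid}: attachment name="{info["sanitized"]}"{flags} '
        f'original_length={info["original_length"]} bytes '
        f'replaced={info["replaced"]} sha256={info["sha256_prefix"]}'
    )


def demo() -> list:
    """Constructed sample names covering the cases discussed in the thread."""
    samples = [
        b"quarterly-report.pdf",
        # CR/LF followed by a fake syslog record: a naive logger would emit
        # two lines, the second one entirely attacker-written.
        b"invoice.doc\r\nJun 23 09:38:08 mx sshd[1]: Accepted password for root",
        b"A" * 4000,  # a very long name; only its length and hash are logged
    ]
    return [format_log_line("EXAMPLE-MSGID", s) for s in samples]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the allow-list excludes quotes, spaces and control bytes, the `name="..."` field can be parsed back out of the log unambiguously, and a reader of the log can tell from `replaced=` and `truncated` how far the logged name is from the original without ever seeing the original.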