Re: [code] Any ideas ?

From: Thomas Katzlberger (cat@vuse.vanderbilt.edu)
Date: 10/04/96


You wrote:
> >Make some kind of generic function that will check the incoming
> >string. Allow NO Unix shell-characters ; : & > < and you will be
> >fine.
> 
> This is not a good approach to programming a secure environment.
> You should decide what consists of a valid set of characters and
> allow only characters from that set, rather than deciding which
> characters aren't allowed. It's much safer building from the empty
> set, than removing from a full set. Just check that each character
> is in the set { [a-zA-Z][0-9].@_ } (and maybe a couple other
> characters). Fork/exec will also improve safety by bypassing
> shells.

In my opinion fork is no option in MUDs; it may severely lag the
host by duplicating the whole memory image of the MUD (probably
including swapped out pages) if it's not a copy-on-write OS.

There is another option however: use sendmail

Make an ascii email file with some mailheaders (To: ...)
Then call in your program 

/* -t makes sendmail take the recipients from the To: header in the file */
system("sendmail -t < Myfile.txt &");

That's all, and safe.

Cat.
+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
+-----------------------------------------------------------+
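
Added example, not part of the original thread: the allowlist check from the quoted reply applied to the address that ends up in the To: header of the mail file, so that the fixed sendmail command line never sees player input and the header cannot gain extra lines. The function names, the 128-character limit, the single-'@' rule and the Subject line are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Allowlist from the quoted reply: letters, digits, '.', '@', '_'. */
#define ADDR_OK "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.@_"
#define ADDR_MAX 128  /* assumed upper bound, not from the thread */

/* Return 1 only if every character is in the allowed set and the
 * address has exactly one '@' with text on both sides (assumed rule). */
int addr_is_allowed(const char *s)
{
    size_t len = strlen(s);
    const char *at = strchr(s, '@');

    if (len == 0 || len > ADDR_MAX)
        return 0;
    if (strspn(s, ADDR_OK) != len)      /* some character is outside the set */
        return 0;
    if (!at || at == s || at[1] == '\0' || strchr(at + 1, '@'))
        return 0;
    return 1;
}

/* Build the header block plus body; returns bytes written, or -1 if the
 * address is rejected or the buffer is too small. */
int build_mail(char *out, size_t n, const char *to, const char *body)
{
    int w;

    if (!addr_is_allowed(to))
        return -1;
    w = snprintf(out, n, "To: %s\nSubject: MUD mail\n\n%s\n", to, body);
    return (w < 0 || (size_t)w >= n) ? -1 : w;
}

int main(void)
{
    char msg[512];
    const char *tests[] = { "player_1@example.com",   /* constructed samples */
                            "a@example.com;id",
                            "a@example.com\nBcc: b@example.com" };
    for (size_t i = 0; i < 3; i++)
        printf("%s\n", build_mail(msg, sizeof msg, tests[i], "hi") > 0
                       ? "accepted" : "rejected");
    return 0;
}
```

Because newline and space are not in the set, an address cannot smuggle a second header such as Bcc: into the file that sendmail reads.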


