[HECnet] Security hole in CSWS
Paul Koning
Paul_Koning at dell.com
Tue Sep 22 22:32:40 PDT 2009
Excerpt of message (sent 22 September 2009) by Johnny Billquist:
Mark Wickens wrote:
Hope you guys don't mind but I mentioned this to the Hoff and he pointed
out that a period '.' can be used validly instead of a ';' as a
separator between the version number and the filename.
Indeed. You can also use <> instead of [] as directory brackets.
All because of confusion within DEC at the time when they tried to
decide on a standard for all DEC OSes.
The reason for avoiding [] is that those are "national characters" --
they might be letters with umlauts or stuff like that, in the ancient
days of non-English 7-bit character sets. Latin-1 obsoleted that
notion. But until that happened, there was an internal DEC directive
to avoid those code points... []{}\_|# and perhaps even $...
A few people paid attention, most (like RSTS) just ignored it.
paul
More information about the Hecnet-list
mailing list