
Bug#172436: Security concerns regarding browser proposal



On Sun, Aug 03, 2003 at 07:48:43PM -0400, Matt Zimmerman wrote:
> It might be a good idea to specify how quoting should be handled, both for
> shell metacharacters and format specifiers.

Odd, I thought I'd mentioned
http://www.dwheeler.com/browse/secure_browser.html in this bug, but
evidently not. man implements the "Compatible Secure BROWSER Definition"
from that page. It's about 50 lines of C, not counting an escape_shell()
utility function.

We could also go for the Alternative definition on the same page, which
acknowledges that you probably need a helper script anyway to do the
complicated Netscape/Mozilla stuff and ditches the % characters
entirely. I don't have any strong feelings about which to use.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
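As an added illustration of the quoting question raised in this thread (not man's code, and not taken from the referenced page): a C routine that expands a BROWSER-style command template, quoting the URL for the shell and rejecting unknown format specifiers. The specifier set (%s, %%), the append-when-no-%s behaviour, and the names cmdbuf, put, put_quoted and expand_browser are assumptions of this example; it also assumes %s appears unquoted in the template.

```c
#include <stddef.h>
#include <string.h>

struct cmdbuf { char *p; size_t cap, len; };   /* NUL-terminated output */
/* Append n bytes; fail rather than truncate the command line. */
static int put(struct cmdbuf *b, const char *s, size_t n)
{
    if (n >= b->cap - b->len)                  /* keep room for the NUL */
        return -1;
    memcpy(b->p + b->len, s, n);
    b->len += n;
    b->p[b->len] = '\0';
    return 0;
}

/* Hypothetical helper: url as one single-quoted word; ' becomes '\'' */
static int put_quoted(struct cmdbuf *b, const char *url)
{
    if (put(b, "'", 1))
        return -1;
    for (; *url; url++)
        if (*url == '\'' ? put(b, "'\\''", 4) : put(b, url, 1))
            return -1;
    return put(b, "'", 1);
}

/* Expand a BROWSER-style template. Assumed specifiers: %s = URL, %% = '%';
 * anything else, including a trailing lone '%', is rejected. With no %s the
 * quoted URL is appended as the last argument. Returns 0 or -1. */
int expand_browser(const char *tmpl, const char *url, char *out, size_t outsz)
{
    struct cmdbuf b = { out, outsz, 0 };
    int seen_url = 0, rc;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (; *tmpl; tmpl++) {
        if (*tmpl != '%') {
            rc = put(&b, tmpl, 1);
        } else if (*++tmpl == 's') {
            rc = put_quoted(&b, url);
            seen_url = 1;
        } else {
            rc = (*tmpl == '%') ? put(&b, "%", 1) : -1;
        }
        if (rc)
            return -1;
    }
    return (!seen_url && (put(&b, " ", 1) || put_quoted(&b, url))) ? -1 : 0;
}
```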


