Re: [fw-wiz] OT, sorta: Breaking pipes?



On Sat, Nov 7, 2009 at 07:34, Chris Myers <clmmacunix@xxxxxxxxxxx> wrote:
Do you use Perl at all with CGI scripts? If so, this is just an example of
what might be done with anything written with custom scripts. In this case,
it is a specific vendor, but it could happen to anyone who does not code
diligently.

http://www.kb.cert.org/vuls/id/496064

We don't use perl/cgi here, but the example is instructive.

This issue at hand is for web browsing by clients - the newish manager
believes that it's just too annoying to add exceptions for the
misbehaving web sites. Of course, it's not just the pipe character.
It's also the other unsafe/unwise characters, and the URLs that are
longer than 1024 characters, etc.

At some point we may be hosting a web site locally, but that hasn't happened.

This is really an education issue, so anything that I can add to the
ammunition pile is helpful.

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards