Mailing List Archive



Re: [tlug] Re: Security question with grep/e...



Looks like you've got it scoped out, but one (important) nit:

>>>>> "Jim" == Jim Breen <Jim.Breen@example.com> writes:

    Jim> I thought /bin/sh was a sort-of lowest common denominator
    Jim> when it came to shells. Certainly I'm not asking for anything
    Jim> but a pipe and a simple redirection of STDOUT. Even DOS could
    Jim> do that.

It's supposed to be, but in security the question is not "what does
Jim want it to do?", but rather "What does Kevin Mitnick[1] want it to
do?"

A couple more comments:

    >>> Do you have a shell account?  Does the host have a working C
    >>> compiler on it?  If the answer to both questions is "yes",
    >>> then the possibility of a hostile agent using a web exploit to
    >>> achieve shell access via your account, and from there
    >>> trampolining to root cannot be discounted.

    Jim> It's yes to both, on at least one site. But I don't really
    Jim> think what I'm suggesting is raising the chance.

With your -f dodge, it looks pretty tight to me.  Again, I'm not a
specialist, but you've definitely got something that it would take a
specialist to improve on (or break into :-P).

    Jim> At some time in the distant future I may get the whole
    Jim> shebang migrated to UTF8 and I'll see if I can get wide-char
    Jim> grepping set up then. Maybe POSIX will be doing multilingual.

For your purpose, this should work fine.  According to Uli Drepper
(glibc maintainer), the only real issue in doing byte-by-byte regexp
searches with UTF-8 is efficiency.  Same for EUC-JP, of course; the main
problem is ensuring that you get the right flavor of bytes stuffed
into the regexp.  People using 7-bit JIS, Shift-JIS, or a Unicode
variant will not get sane output searching an EUC-JP text.

But you might be surprised---modern HTTP 1.1 with charset negotiation
between server and browser might get the right answer most of the time.

Footnotes: 
[1]  Famous cracker, figures in "The Cuckoo's Egg" and in The
Firewalls Book*.  May have misspelled the name.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
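
Added example (not part of the original message, and not Jim's code): a Python sketch of the "right flavor of bytes" point, showing that a byte-by-byte search of EUC-JP text only matches once the query is transcoded from the client's charset. The corpus entries, function names, and the idea that the declared charset comes from the HTTP request are assumptions made for illustration.

```python
# Assumption: the searched text is stored as EUC-JP, as in the thread.
CORPUS_CHARSET = "euc_jp"

# Constructed sample entries, not data from the original message.
CORPUS = (
    "日本語 [にほんご] Japanese language\n"
    "辞書 [じしょ] dictionary\n"
).encode(CORPUS_CHARSET)


def byte_search(corpus, pattern):
    """Byte-by-byte fixed-string search, one result per matching line."""
    return [line for line in corpus.splitlines() if pattern in line]


def to_corpus_bytes(raw_query, declared_charset):
    """Transcode a query from the client's declared charset to the corpus charset.

    Strict decoding: bytes that do not fit the declared charset raise
    UnicodeError instead of being searched as the wrong flavor of bytes.
    """
    text = raw_query.decode(declared_charset, errors="strict")
    return text.encode(CORPUS_CHARSET, errors="strict")


def search_query(raw_query, declared_charset):
    """Return matching lines, or None if the query cannot be transcoded."""
    try:
        pattern = to_corpus_bytes(raw_query, declared_charset)
    except (UnicodeError, LookupError):  # bad bytes or unknown charset name
        return None
    return byte_search(CORPUS, pattern)


if __name__ == "__main__":
    word = "日本語"
    for charset in ("euc_jp", "shift_jis", "iso2022_jp", "utf_8"):
        raw = word.encode(charset)
        print(charset, "raw bytes:", len(byte_search(CORPUS, raw)),
              "transcoded:", len(search_query(raw, charset)))
```

Only the EUC-JP query matches as raw bytes; the Shift-JIS, 7-bit JIS and UTF-8 forms of the same word match only after transcoding, and a query whose bytes do not fit its declared charset is refused rather than searched.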

