Strange advisory
B.R.
reallfqq-nginx at yahoo.fr
Tue May 13 13:43:08 UTC 2014
Thanks to both of you for precisions about your point of view.
Having thought more about it, it seems indeed strane to *interpret* log
file content to *execute* script snippet in order to change window title or
alike, following the link Kurt provided.
It seems that old-fahion habits have taken advantage of backward-compatible
features in modern emulated terminals.
Switching to the fa that emulator vendors should correct this, who to
contact for it? I suppose it has nothing to do with the kernel, but rather
with multiple GNU libraries around it.
---
*B. R.*
On Tue, May 13, 2014 at 10:22 AM, Valentin V. Bartenev <vbart at nginx.com>wrote:
> On Sunday 11 May 2014 06:25:53 B.R. wrote:
> [..]
> > What is the benefit of having those unescaped control characters in a log
> > file? Escaping them allows you to warn about their presence safely... and
> > that is directly exploitable by anything, once again safely.
>
> The benefit is that you can easily find in error/debug log exactly what
> a client has sent with binary precision, and therefore better diagnose
> a problem. And this actually is the main purpose of error log (normally
> it's just empty).
>
> wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140513/72a531b7/attachment.html>
More information about the nginx
mailing list