OpenSSH banner doesnot display multibyte characters like korean
Darren Tucker
dtucker at zip.com.au
Fri Oct 5 10:39:56 EST 2012
On Tue, Sep 25, 2012 at 9:12 PM, balu chandra <balu9463 at gmail.com> wrote:
> I also found little information inthe changelog on why strnvis() was
> introduced in input_userauth_banner. Is it added to address any
> security vulnerability.
I believe the intent was to prevent a malicious server from sending a
banner containing a terminal answerback command sequence. I'm not
aware of any UTF-8 aware equivalent of strnvis, though (if someone
knows of one we'll look at using it).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list