[Bug 2058] SSH Banner message displays UTF-8 multibyte char incorrrectly

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Apr 24 02:28:46 EST 2013


Laurent <laurent at elanor.org> changed:

           What    |Removed                     |Added
                 CC|                            |laurent at elanor.org

--- Comment #2 from Laurent <laurent at elanor.org> ---
I'm seeing this issue as well, and I'd like it to be addressed.

The issue here is that it is often requested by lawyers to have a
warning message before log in. Obviously, ASCII cannot not fit every
language, so that is going to be an issue for many. English is not the
world language.
In some places, like China, it is even mandatory for software to
support the local charset, and for good reason (GB18030 for China, but
that maps to Unicode). 

The risk here is that by trying to avoid a specific security issue,
pragmatic users will have no other choice than to use older versions,
or hack in their own patches, both of which might create bigger issues
than the one avoided.

And of course, the SSH IETF draft standard itself mandates using
Unicode for the banner, so being non standard is a problem too.

I think that absent a perfect solution that checks the output is
perfectly valid UTF-8, there should be a user-configurable flag to
allow it if needed.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list