md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
David F. Skoll
dfs at roaringpenguin.com
Tue Nov 7 18:59:07 EST 2006
Philip Prindeville wrote:
>>Yes, because it's superfluous in Perl. Just use variable interpolation
>>directly.
> Doesn't work with hex, or floats, etc. obviously. Just strings and
> integers.
It works perfectly fine with floats. And hex, if you like:
md_syslog($facility, "foo " . hex($number) . " bar");
When you write Perl, write Perl, not C.
> Except for hex, floats, packs, return values from function calls
> like inet_ntoa(), etc.
Oh for crying out loud! I give up. :-)
You'd rather open up MIMEDefang to attacks based on format string
vulnerabilities than make a simpler interface that works almost
all the time, and is simple to make work absolutely all of the time?
I don't mean to sound harsh, but I'm not surprised you want to use
XML for your filter. :-)
[...]
> Sure. But less functional, too.
How is it ANY less functional? Name one thing it can't do that
a format-string-enabled syslog can do?
> Ok, what if we added md_syslog_ and had md_syslog() call into
> it with "%s" as the format specifier?
Go ahead, but it won't be placed in the official MIMEDefang.
--
David.
More information about the MIMEDefang
mailing list