Re: VMS Mail translates incoming tilde character into a dollar sign.



In article <fro8r7$5tt$1@xxxxxxxxxxxxxxxxx>, david20@xxxxxxxxxxxxxxxx
wrote:

> In article <022a67c3$0$5073$c3e8da3@xxxxxxxxxxxxxxxxx>, JF Mezei
> <jfmezei.spamnot@xxxxxxxxxxxxx> writes:
>> Robert Deininger wrote:
>>>
>>> Patch kits were requested today for these versions:
>>> V8.2-1 I64
>>> V8.3 I64 and Alpha
>>>
>>> These kits would make the V8.3-1H1 functionality available on the
>>> earlier VMS versions:
>>> $ DEFINE/PROCESS MAIL$FILTER 1
>>> to keep "}" and "~" from being filtered out.
>>
>> Wouldn't it have been simpler for you guys and better for customers to
>> provide a MAIL.EXE image that just didn't do that filtering? Customers
>> who don't need the filtering could then install that image and not have
>> to worry about that truly pesky /PROCESS logical.
>
> Seconded.
>
> And then for the next VMS version that version which didn't filter printable
> ASCII characters could be the default.
>
> David Webb
> Security team leader
> CCSS
> Middlesex University

Way more interest in this topic than I expected! It's been fun reading
all the speculations. Reality is quite a bit more boring. :-)

Paul Anderson keeps walking past my cube and muttering about tildes
scattered around on the floor...

A bit of an update...

Today I retrieved the supporting files from the original problem report
from back in 2004. (I didn't have those files when I first looked at
the problem last week.)

The original problem was that terminals misbehaved when MAIL displayed
some sample messages. I found those message files today. VMS was at
V7.3-2 or so at the time, and we verified that V7.3-2 MAIL behaves badly
with the sample files. Some common emulators that aren't considered
particularly broken behave differently.

The actual problem seems to be that some REAL control codes weren't
being filtered out before sending the output to the terminal.

I don't find any evidence of an actual "broken" terminal emulator in the
original report, or in the supporting files. I think that was a red
herring. But it generated enough confusion that the engineer added the
right brace character, ASCII 7D, to the filtered character list. That
was an intentional, but probably misguided, change.

I think the tilde character, ASCII 7E, was an innocent bystander. It
was in the wrong place at the wrong time -- namely, between "}" and DEL
in the ASCII table.

This set of changes also added filtering for the control codes that
should have been removed all along. This "fixed" the original problem.
I think the right brace was filtered out because it was incorrectly
thought to be part of the problem. In reality, it probably just made
the problem look different on different emulators.

These changes eventually shipped in V8.2-1 and V8.3.

The MAIL$FILTER logical name "workaround" was added later, and
eventually shipped in V8.3-1H1. The workaround is tied to the process
logical name table instead of LNM$FILE_DEV. This is peculiar and
annoying, but was probably intentional. There was still the mistaken
assumption that "}" really mattered for _some_ terminal emulator(s), and
so a narrow, process-focused switch was needed.

The original problem was reported as a potential security threat --
another red herring -- which may have led to excessive caution. That
likely contributed to the bad decision to change the long-standing
behavior for printable characters.

The current workaround, with MAIL$FILTER, has been sitting around
waiting for someone to want it since 2006 or so. It works around the
only symptoms that anyone has actually noticed and reported, and can be
shipped fairly quickly. That justifies sending it out, even though it's
ugly and doesn't really fix the whole problem.

I expect the whole thing will be cleaned up before the next VMS release,
and MAIL$FILTER will just be an amusing bit of history. The tildes will
go back on the screen where they belong, and Paul won't trip over them
when he wanders the halls.

-- Robert
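
Added example, not part of the original post and not VMS MAIL source code: a terminal-output filter that substitutes only control codes, next to a variant whose range check also catches "}" (7D) and "~" (7E) because they sit just below DEL. The range-check shape, the function names, the set of controls filtered and the sample bytes are assumptions made for illustration; the "$" substitute is taken from the thread's subject line.

```c
#include <stdio.h>
#include <stddef.h>

#define SUBST '$'   /* substitute character, per the thread's subject line */

/* Assumed shape of the regression: one range check that runs from '}' up
 * through DEL and the C1 controls, so '}' (7D) and '~' (7E) are caught too. */
int overbroad(unsigned char c)
{
    if (c == '\t' || c == '\n' || c == '\r') return 0;
    return c < 0x20 || (c >= 0x7D && c <= 0x9F);
}

/* Control codes only: C0 (00-1F), DEL (7F), C1 (80-9F). Printable ASCII
 * 20-7E passes through untouched. */
int control_only(unsigned char c)
{
    if (c == '\t' || c == '\n' || c == '\r') return 0;
    return c < 0x20 || c == 0x7F || (c >= 0x80 && c <= 0x9F);
}

/* Copy n bytes to out (which needs n + 1 bytes), substituting filtered
 * bytes. Returns the number of substitutions made. */
size_t sanitize(const unsigned char *in, size_t n, char *out,
                int (*filtered)(unsigned char))
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++) {
        if (filtered(in[i])) { out[i] = SUBST; hits++; }
        else out[i] = (char)in[i];
    }
    out[n] = '\0';
    return hits;
}

/* Constructed sample: printable text, then ESC [ 2 J, then 8-bit CSI (9B). */
const unsigned char SAMPLE[] = "cd ~/src {x}\x1b[2J\x9b" "1m end";

int main(void)
{
    char out[sizeof SAMPLE];
    size_t n = sizeof SAMPLE - 1;
    printf("%zu  %s\n", sanitize(SAMPLE, n, out, overbroad), out);
    printf("%zu  %s\n", sanitize(SAMPLE, n, out, control_only), out);
    return 0;
}
```

Both variants neutralise the ESC and CSI bytes; only the over-broad one also rewrites the tilde and right brace, which is the visible symptom the thread is about.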