diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2005-07-20 15:22:11 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2005-07-20 15:22:11 +0000 |
commit | f031aecee9d45d9604b87e9f26ca3e6252ff6a76 (patch) | |
tree | 855242f4cec88caa7175d1cf86d246117c201764 /design-notes.html | |
parent | 7c6e7ec184cd463b925c812d0803129b3f1e160b (diff) | |
download | fetchmail-f031aecee9d45d9604b87e9f26ca3e6252ff6a76.tar.gz fetchmail-f031aecee9d45d9604b87e9f26ca3e6252ff6a76.tar.bz2 fetchmail-f031aecee9d45d9604b87e9f26ca3e6252ff6a76.zip |
Add security thoughts.
svn path=/trunk/; revision=4144
Diffstat (limited to 'design-notes.html')
-rw-r--r-- | design-notes.html | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/design-notes.html b/design-notes.html index ffd82bf8..149d67b4 100644 --- a/design-notes.html +++ b/design-notes.html @@ -33,6 +33,23 @@ ESR made previously, and the differences and new directions will be laid out in this document. It is therefore a sort of a TODO document, until the necessary code revisions have been made.</p> +<h2>Security</h2> + +<p>Fetchmail was handed over in a pretty poor shape, security-wise. It will +happily talk to the network with root privileges, use sscanf() to read +remotely received data into fixed-length stack-based buffers without +length limitation and so on. A full audit is required and security +concepts will have to be applied. Random bits are:</p> + +<ul> + <li>code talking to the network does not require root privileges and + needs to run without root permissions</li> + <li>all input must be validated, all strings must be length checked, + all integers range checked</li> + <li>all types will need to be reviewed whether they are signed or + unsigned</li> +</ul> + <h2>SMTP forwarding</h2> <p>Fetchmails multidrop and rewrite options will process addresses |