From f031aecee9d45d9604b87e9f26ca3e6252ff6a76 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 20 Jul 2005 15:22:11 +0000 Subject: Add security thoughts. svn path=/trunk/; revision=4144 --- design-notes.html | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'design-notes.html') diff --git a/design-notes.html b/design-notes.html index ffd82bf8..149d67b4 100644 --- a/design-notes.html +++ b/design-notes.html @@ -33,6 +33,23 @@ ESR made previously, and the differences and new directions will be laid out in this document. It is therefore a sort of a TODO document, until the necessary code revisions have been made.

+

Security

+ +

Fetchmail was handed over in a pretty poor shape, security-wise. It will +happily talk to the network with root privileges, use sscanf() to read +remotely received data into fixed-length stack-based buffers without +length limitation and so on. A full audit is required and security +concepts will have to be applied. Random bits are:

+ + +

SMTP forwarding

Fetchmails multidrop and rewrite options will process addresses -- cgit v1.2.3