From f031aecee9d45d9604b87e9f26ca3e6252ff6a76 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Wed, 20 Jul 2005 15:22:11 +0000
Subject: Add security thoughts.
svn path=/trunk/; revision=4144
---
design-notes.html | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
(limited to 'design-notes.html')
diff --git a/design-notes.html b/design-notes.html
index ffd82bf8..149d67b4 100644
--- a/design-notes.html
+++ b/design-notes.html
@@ -33,6 +33,23 @@ ESR made previously, and the differences and new directions will be laid
out in this document. It is therefore a sort of a TODO document, until
the necessary code revisions have been made.
+Security
+
+Fetchmail was handed over in a pretty poor shape, security-wise. It will
+happily talk to the network with root privileges, use sscanf() to read
+remotely received data into fixed-length stack-based buffers without
+length limitation and so on. A full audit is required and security
+concepts will have to be applied. Random bits are:
+
+
+ - code talking to the network does not require root privileges and
+ needs to run without root permissions
+ - all input must be validated, all strings must be length checked,
+ all integers range checked
+ - all types will need to be reviewed whether they are signed or
+ unsigned
+
+
SMTP forwarding
Fetchmails multidrop and rewrite options will process addresses
--
cgit v1.2.3