[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.99.56pre4 config help

On Tue, Jun 10, 2003 at 11:28:20AM -0400, Ambrose LI wrote:
> In article <20030610174655.L27724@nic.funet.fi> you write:
> >I do think that current generations of router scripts (and
> >script language) are fairly immune to careless script writer,
> >and that built-in scripts are safe.  However Ambrose's 2.99.54
> >might be another story.
> I am now running 2.99.56pre4 at home (the latest tar.gz from
> nic.funet.fi); one day ago I was running 2.99.50s11 (not 2.99.54).
> At the office we are running 2.99.56-pre1 (or so it claims; that
> was a CVS snapshot).
> Are these versions (.56pre4 and .56pre1) safe? If they are then
> is it fairly safe to re-enable the interactive routing subsystem?

Fairly safe. (*)

At .56* all known threats, and threat-models have been eliminated,
rendered unlikely, or otherwise harmless in the router scripts.
(E.g. since I eliminated the "process expanded strings as shell
commands", feeding choicy:  "`rm -f /`"@foo.bar   and having bad
local address handler script that carelessly handles expanded
variables...   That is one of the threats, I had in mind, when
the shell variable expansion treatment was altered a while ago.)
(Manual testing needs proper quotation at entry-time, remember,
that thing is _shell_)

I trust them enough to run them at several of my systems.
(And at some systems I could run them, but have been lazy,
 and not enabled them.)

> BTW the content filter seems to be running as root. (Perl's
> $< and $> are both 0.) Is this normal, is it a bug, or have I
> misconfigured my system?

That is normal.  It could be running as 'trusted' (e.g. 'daemon'),
but I haven't had need for that, yet.

> Ambrose LI Cheuk-Wing  <a.c.li@ieee.org>
/Matti Aarnio	<mea@nic.funet.fi>

*) "unlikely" = "I have done my best, but the thing is darn
   large and complex, and some things may contain surprises.."
   Absolute certainly gets into deep common-criteria evaluation...
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi