Developers of Sympa list archive
- From: Olivier Salaün <address@concealed>
- To: Olivier Berger <address@concealed>
- Cc: "address@concealed" <address@concealed>
- Subject: Re: [sympa-dev] Security issue on wwsympa code
- Date: Wed, 13 Aug 2008 17:14:07 +0200
Olivier,
Thanks for reporting your thoughts about potential attacks, however it does not seem to be a legitimate threat for the following reasons:
1. new_d_read() in wwsympa.fcgi is a dead function (aimed at replacing wwsympa::do_d_read()) and therefore this code cannot be run
2. the make_alias_file code in sympa.pl does create a file in the /tmp directory, however the data it writes are hard-coded, no possibility of data injection
On a more general perspective, I don't consider symlink attacks as significant threats on a mailing list server because these attacks require a user to log in and define a symlink. You would not have user accounts on a mailing list server.
However, we're going to make some cleanup in the code to a) remove the debug code you mentioned, b) use Sympa's own tmp/ directory instead of /tmp when needed.
Thanks again.
Olivier Berger wrote:
FYI : http://sourcesup.cru.fr/tracker/index.php?func=detail&aid=4430
I'm not completely sure the function in shared folder is used... but
looks potentially dangerous.
Feel free to add more details about the use of /tmp in sympa.pl too.
Best regards,
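The symlink concern discussed in the thread above, as an added Python example that is not Sympa's own code (Sympa is written in Perl, where the equivalent would be File::Temp writing into a private directory). Inside a throwaway directory it plants a symlink at a predictable temp-file name pointing at a "victim" file, then shows that a plain open() follows the link and clobbers the target, that O_CREAT|O_EXCL|O_NOFOLLOW refuses to open such a path, and that mkstemp() in an application-owned tmp/ directory (the fix the reply promises under b) avoids the predictable name altogether. All file names and contents are constructed for the demonstration.

```python
import errno
import os
import tempfile


def naive_write(path, data):
    """Risky pattern: a predictable name in a shared directory opened with a
    plain open(), which follows a pre-planted symlink and truncates its target."""
    with open(path, "w") as f:
        f.write(data)


def safe_write(path, data):
    """Hardened pattern: O_EXCL fails if anything (including a symlink) already
    exists at the path, and O_NOFOLLOW refuses to traverse a symlink at all.
    Returns True if the file was created, False if the path was pre-seeded."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as e:
        if e.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def private_tmp_write(tmpdir, data):
    """Preferred pattern: an unpredictable name created atomically (O_EXCL is
    implied by mkstemp) inside a directory only the application can write to.
    Returns the path of the new file."""
    fd, path = tempfile.mkstemp(prefix="aliases.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Constructed scenario: a symlink is planted at the predictable name
    'aliases.tmp' pointing at victim.txt. Returns what each pattern did."""
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.txt")
        with open(victim, "w") as f:
            f.write("original contents\n")
        predictable = os.path.join(shared, "aliases.tmp")
        os.symlink(victim, predictable)  # the planted link

        # 1. plain open() follows the link: victim.txt is overwritten
        naive_write(predictable, "clobbered\n")
        with open(victim) as f:
            after_naive = f.read()

        # restore the victim, then try the hardened open on the same path
        with open(victim, "w") as f:
            f.write("original contents\n")
        safe_ok = safe_write(predictable, "clobbered\n")
        with open(victim) as f:
            after_safe = f.read()

        # 2. application-owned tmp/ directory with an unpredictable name
        private = os.path.join(shared, "app_tmp")
        os.mkdir(private, 0o700)
        created = private_tmp_write(private, "alias data\n")
        with open(created) as f:
            private_contents = f.read()

        return {
            "after_naive": after_naive,
            "safe_ok": safe_ok,
            "after_safe": after_safe,
            "private_in_app_dir": os.path.dirname(created) == private,
            "private_contents": private_contents,
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The hardened open is the minimal fix when a fixed name in /tmp cannot be avoided; the mkstemp-in-private-directory variant is the one to reach for in new code, since it removes both the shared directory and the predictable name that make the race possible.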