Re: Idea for gnome e-mail client



> We were talking about this on balsa-list... basically, since
> we're on multiuser systems, unless you're running your mail client
> as root, you can't do too much damage to your system.

Well, that's not really true.

1) The script could exploit a vulnerable suid program to get root.

2) It could fill all of the partitions on your disk that you have
write access to, causing other things to fail from there.

3) It could hose down your network by mailing copies of itself to
people (IIRC, this is mostly what the problem with Melissa was).

4) It could mail *other things* to other people. Your inbox, your
password file, your sendmail and apache config files (for ease of
security hole finding), your ssh keys, etc.

5) It could take advantage of its presence inside your firewall to do
things it couldn't do from outside.

etc, etc, etc.

> To prevent that isn't a big deal:
> 
> 1) Don't execute anything automatically.
> 2) If you feel like you must execute something that came floating
>  along in an email, give the user a big fat warning dialog. If the
>  user is not smart enough to make sure that the script is safe,
>  there's nothing we can do about that.
> 3) If you must implement some kind of scripting language, make sure
>  that you can sandbox it.

4) Be paranoid about buffer overruns

5) If you call other programs for any reason, understand their
security issues fully. (And don't invoke them with system(), popen(),
etc, if you're passing untrusted data as arguments to them.)

-- Dan
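
An added example illustrating Dan's points 4 and 5 above (this is not code from the message, nor from any GNOME or Balsa client). The scenario is hypothetical: a mail client hands a sender-chosen attachment name to an external viewer. The first function shows the command line that system() or popen() would pass to /bin/sh, with a truncation check on the fixed buffer; the second flags shell metacharacters; the third runs the viewer via fork()/execvp() so the name is a single argv element and no shell ever parses it. The attachment name, the viewer name "xv" and the use of /bin/echo as a stand-in viewer are all constructed for the example.

```c
/* Added example (not from the original post): why system()/popen() with
 * untrusted arguments is dangerous, and the alternative of exec'ing an
 * argv directly. Hypothetical mail-client scenario: an attachment name
 * chosen by the sender is handed to an external viewer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters that /bin/sh treats specially on a command line. */
static const char SHELL_META[] = ";&|<>`$()\"'\\ \t\n*?[]#~";

/* UNSAFE PATTERN: build a shell command line by pasting the attachment
 * name into a format string. This is what system("viewer <name>") amounts
 * to. Returns the string that would be handed to "sh -c" so the reader can
 * see what the shell would parse; it is never executed here.
 * Returns -1 if the result would not fit (point 4: no silent overrun). */
int build_shell_command(const char *viewer, const char *attachment,
                        char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s %s", viewer, attachment);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Returns 1 if the string contains any shell metacharacter, i.e. if
 * system()/popen() would not treat it as one plain argument, else 0. */
int contains_shell_meta(const char *s)
{
    return strpbrk(s, SHELL_META) != NULL;
}

/* SAFE PATTERN: pass the argument vector to execvp() directly. No shell is
 * involved, so the attachment name is exactly one argv element no matter
 * what characters it contains. Returns the child's exit status, or -1. */
int run_without_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a sender-chosen attachment name with a payload. */
    const char *attachment = "report.txt; rm -rf ~";
    char cmd[256];

    if (build_shell_command("xv", attachment, cmd, sizeof cmd) > 0)
        printf("system() would run: sh -c \"%s\"\n", cmd);
    printf("shell metacharacters present: %s\n",
           contains_shell_meta(attachment) ? "yes" : "no");

    /* Same name through execvp(): echo receives it as a single argv[2],
     * semicolon and all, and nothing is deleted. */
    char *argv[] = { "echo", "viewing:", (char *)attachment, NULL };
    int rc = run_without_shell(argv);
    printf("execvp child exited with %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The check in contains_shell_meta() is only a diagnostic: the fix is not to filter the name but to stop handing it to a shell at all, which run_without_shell() does. If the viewer itself is a shell script or interprets its arguments (a pager that honours environment-driven options, for instance), point 5's "understand their security issues fully" still applies.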



