Re: hylafax security hole in faxcron, xferstats and recvstats

From: der Mouse (mouseat_private)
Date: Tue Sep 22 1998 - 21:58:14 PDT

    > this is about the HylaFAX Facsimile Software copyrighted by Sam
    > Leffler and Silicon Graphics, Inc but available for free.
    
    While we're discussing HylaFAX...I have no flaws like the one mentioned
    to report.  But the thing is designed in a way that makes it damn near
    impossible to run it "cordoned off".  I spent several hours ripping out
    checks for uid==0 in various pieces of it, trying to make it run as
    non-root (I knew damn well no root privilege was fundamentally needed
    for the functions I wanted, nor indeed for most of its functions).  I
    eventually gave up and am now using efax instead, which is much closer
    to what I wanted anyway and doesn't give a damn who it runs as as long
    as it can read the page images and talk to the modem.  (I didn't know
    efax existed when I first looked at HylaFAX, or I would have tossed the
    latter much sooner.)
    
    Anything that takes me hours of struggling to make it run as non-root
    is not something that gives me the warm fuzzies about running on my
    system; at the very least, it most certainly is not designed from a
    "least privilege" mindset!  I find it hair-raising to think that most
    admins probably would happily hand it the keys to their system and
    never even think that the copy they got might have been tampered with,
    or even just plain have a bug - like the one that prompted the message
    I'm responding to.  If HylaFAX had been done right, that bug would have
    exposed at most the fax user, instead of probably (I haven't looked to
    see which of the affected pieces run as root) root - though I suspect
    that with HylaFAX installed, compromising the fax user is probably just
    one trivial step away from getting root anyway.
    
    Pursuant to the "vendor notification" thread: I haven't told Sam
    Leffler.  The documentation makes it clear he does not want to hear
    anything about HylaFAX unless accompanied by patches, and I don't have
    a functioning run-as-non-root setup to generate patches from.  Shrug.
    If it were properly[%] designed, it wouldn't demand root anyway.
    
    [%] "properly" from a security-weenie perspective.
    
                                            der Mouse
    
                                   mouseat_private
                         7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
    


