<table width="100%" cellpadding="0" summary="Canned page header">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a></td>
-<td width="30%" align="right">$Date: 2003/02/28 11:26:47 $</td>
+<td width="30%" align="right">$Date$</td>
</tr>
</table>
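Review bot: `$Date$` in the header cell is committed in its unexpanded form, so the page will display the literal keyword unless the version control system is configured to expand it for this file. Confirm that expansion is enabled, otherwise the rendered page loses its last-modified date. The same applies to the identical change in the footer table.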
out in this document. It is therefore a sort of a TODO document, until
the necessary code revisions have been made.</p>
+<h2>Security</h2>
+
+<p>Fetchmail was handed over in a pretty poor shape, security-wise. It will
+happily talk to the network with root privileges, use sscanf() to read
+remotely received data into fixed-length stack-based buffers without
+length limitation and so on. A full audit is required and security
+concepts will have to be applied. Random bits are:</p>
+
+<ul>
+ <li>code talking to the network does not require root privileges and
+ needs to run without root permissions</li>
+ <li>all input must be validated, all strings must be length checked,
+ all integers range checked</li>
+ <li>all types will need to be reviewed whether they are signed or
+ unsigned</li>
+</ul>
+
<h2>SMTP forwarding</h2>
-<p>Fetchmails multidrop and rewrite options will process addresses
+<p>Fetchmail's multidrop and rewrite options will process addresses
received from remote sites. Special care must be taken so these
features cannot be abused to relay mail to foreign sites.</p>
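Review bot: the first list item of the new Security section says network code "needs to run without root permissions" but gives no boundary: it does not say which operations, if any, still need root, or at what point privileges are to be dropped. Since the paragraph treats this as a TODO for a full audit, state that boundary so the item can be verified. The sscanf() sentence could also name the remedy the second item implies, namely a maximum field width on every conversion that writes into a fixed-length buffer. Style: "Random bits are:" reads oddly as a lead-in to requirements, and the third item would be clearer as "all types need to be reviewed for signedness".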
<table width="100%" cellpadding="0" summary="Canned page footer">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a></td>
-<td width="30%" align="right">$Date: 2003/02/28 11:26:47 $</td>
+<td width="30%" align="right">$Date$</td>
</tr>
</table>