Skip to main content.
home | support | download

Back to List Archive

RE: Vulnerabilities with Swish

From: Job de Haas <job(at)not-real.itsx.com>
Date: Tue Nov 17 1998 - 09:53:02 GMT
Hi,

> I would argue that this is the wrong place to put this code.  Buffer

I agree. This should be considered a temporary fix until the problems in the
code can be fixed. I didn't have time to do that at the moment and I think
the developers haven't enough to do it in a very short time either. They are
working on it at the moment. I chose the values such that the risk is
reduced because most arrays used in Swish are a multitude of 256.

> overflow errors should be fixed in the primary C code so that no matter
> how the program is called, you can't cause problems.  This only solves
> it for AutoSwish (here at UCSF, we use a custom front end built prior to
> the existence of AutoSwish).

Well it also solves it for the example script available from the Swish
website. This example script is probably pre AutoSwish and was even more
vulnerable. The example I gave was meant to assist people in making such a
temporary fixed to their customized frontends. I agree that in my warning I
should have made it more clear that it should be considered temporary.

On a side note: I would consider it also much safer if the web server and
scripts were run from a chrooted environment. This way the damage someone
could do is much more limited compared to a web server that is running with
full access to the whole filesystem. I am saying this because there are so
many bad web server scripts and programs out there that such a measure would
be good second line of defense.

Regards,

Job
Received on Tue Nov 17 01:51:18 1998