Hylafax Developers Mailing List Archives

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

[hylafax-devel] Supported Platforms/Security mods?




Hi all,

Pardon me if this is well-known, but I can't find it (and there
isn't an archive for hylafax-devel?)

I'd like to take a look at using snprintf, mkstemp, strncpy etc to
make HylaFAX more resistant to buffer overflows and temp file race
conditions, a quick glance at the source shows a few places where
this would be nice.


Two Questions:

Platforms:

	I'm unclear, as to the supported platforms (real or intended).

	In other words, can (should) I assume reasonably modern
	OSs that have all the above as native functionality in libc
	(or where-ever), or does this all need to be done conditionally
	because someone, somewhere is still running SunOS 3.x on
	a Sun2 and wants to use it as a HylaFAX server? ;-)


Comitting:

	Would anyone be interested in looking at/committing this
	when I work up a set of patches?


I'm being prompted to do this as a FreeBSD and HylaFAX user - if
someone doesn't get to it soon, then HylaFAX will get dropped from
the FreeBSD ports collection, which would be a crying shame IMHO.

Given the considerable amount of fixes and work that's gone into
the current version in CVS (WooHoo! Great work BTW!), it seems
pointless to patch up 4.0pl2, it just seems to make much more sense
to work on the current version of HylaFAX (hopefully get this done
for Beta3?)

I've not been subscribed to -devel for long, so please excuse me
if this has been (re)hashed endlessly to death before. :-)

Any comments welcome.

Cheers,


AS


____________________ HylaFAX(tm) Developers Mailing List ____________________
 To unsub: mail -s unsubscribe hylafax-devel-request@hylafax.org < /dev/null



Home
Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services