Hylafax Developers Mailing List Archives


[hylafax-devel] Re: Supported Platforms/Security mods?



Hi,

At 02:52 PM 6/7/00 -0700, Andy Sparrow wrote:

>Hi all,
>
>Pardon me if this is well-known, but I can't find it (and there
>isn't an archive for hylafax-devel?)
>
>I'd like to take a look at using snprintf, mkstemp, strncpy etc to
>make HylaFAX more resistant to buffer overflows and temp file race
>conditions, a quick glance at the source shows a few places where
>this would be nice.

snprintf and strncpy are ok. The only thing to think about is that HylaFAX
is written in C++ and it might be better to use the included fxStr class or
perhaps the ANSI string class than a straight char buffer.

mkstemp() is a problem though; on HPUX at least it is limited to 26 files
open at once. tmpfile() is the preferred call, but this can sometimes be
annoying if you only want a file handle rather than a FILE*... this
stopped me from converting to all tmpfile() calls previously... I think I
got rid of most of the mktemp() stuff a year or so ago though.


>Two Questions:
>
>Platforms:
>
>         I'm unclear, as to the supported platforms (real or intended).
>
>         In other words, can (should) I assume reasonably modern
>         OSs that have all the above as native functionality in libc
>         (or wherever), or does this all need to be done conditionally
>         because someone, somewhere is still running SunOS 3.x on
>         a Sun2 and wants to use it as a HylaFAX server? ;-)

There is the port directory to build emulation routines for older 
platforms.  As long as the defaults work reasonably for most modern 
platforms they should be ok.

>Committing:
>
>         Would anyone be interested in looking at/committing this
>         when I work up a set of patches?

Sure.

>I'm being prompted to do this as a FreeBSD and HylaFAX user - if
>someone doesn't get to it soon, then HylaFAX will get dropped from
>the FreeBSD ports collection, which would be a crying shame IMHO.

Could you put beta2 in as a replacement for 4.0pl2? (...I can't remember if
this has the faxalter security fix or not, but it is an easy patch.)


>Given the considerable amount of fixes and work that's gone into
>the current version in CVS (WooHoo! Great work BTW!), it seems
>pointless to patch up 4.0pl2, it just seems to make much more sense
>to work on the current version of HylaFAX (hopefully get this done
>for Beta3?)

The current plan for beta 3, in my head, is:
         - SuSE ip-source routing patches
         - fix big manpage cgi-bin security hole... yes, this is still not done :-(
         - Dmitry's patches
         - stuff that I have forgotten about


>I've not been subscribed to -devel for long, so please excuse me
>if this has been (re)hashed endlessly to death before. :-)

No, mainly fax protocol stuff lately - there really needs to be an archive
of this list somewhere though.

- Robert


