[Developers] HTTPD et al security (was: Re: [Numrel-punctures] (no subject))

Jonathan Thornburg jthorn at aei.mpg.de
Fri May 6 05:21:31 CDT 2005


On Thu, 5 May 2005, Jason Ventrella wrote:
> Does anyone know of any possible problems with activating the thorns:
> HTTPD, HTTPDExtra, and Socket for these Pre-ISCO runs?  If not, it has
> been suggested that we do so.

I agree with Erik's comment:
| As far as I know, we debugged these thorns last year, so they should be 
| safe.  That was "debugging" in the sense of not making simulations 
| accidentally abort any more.

A more difficult question is whether these thorns are safe against
*malicious* attacks.  Steve fixed a bunch of buffer-overrun holes
in HTTPD last summer, but there's no easy way to tell whether there
might be more still lurking there, and/or in the Cactus flesh (in a
way that might be exploited by a malicious person/script feeding nasty
inputs in via HTTPD).

For example, a quick grep shows 8 sprintf() and 1 not-obviously-safe
strcpy() in HTTPD
    [not counting Steve's safe-string module, which should be safe
    unless Steve slipped up somewhere]
and 31 sprintf() and 24 strcpy() in the flesh source.  A few months ago
I looked at a few of the flesh sprintf()s, and they all appeared to be
safe.  But I don't think anyone has done anything like a careful security
audit of this code (nor is such an audit guaranteed to find all problems).

So... IMHO using {HTTPD, HTTPDExtra, Socket} is essentially a
security-vs-convenience tradeoff.  _I_ wouldn't use them or recommend
using them
    [I've suffered through "a bunch of our major servers have been
    broken into and had rootkits installed; we have to clean out and
    reinstall everything" sagas at two different institutions, and
    neither was an experience I look forward to repeating!]
but you'll have to make your own decisions.

ciao,

-- 
-- Jonathan Thornburg <jthorn at aei.mpg.de>
    Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
    Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html
    "Washing one's hands of the conflict between the powerful and the
     powerless means to side with the powerful, not to be neutral."
                                       -- quote by Freire / poster by Oxfam
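The buffer-overrun concern above comes down to unbounded sprintf() and strcpy() calls writing client-supplied data into fixed-size buffers. The following is an added example (not Cactus code, and not Steve's safe-string module mentioned in the message) of the kind of bounded helpers an audit would want to see in their place: each refuses to write a result that does not fit and reports failure to the caller, instead of silently truncating or overrunning the buffer. The header name "X-Thorn-Name" and the function names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for strcpy(): copies src into dst only if the
 * string plus its terminating NUL fits in dstsize bytes.
 * Returns 0 on success, -1 (with dst emptied) if it would not fit. */
int safe_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {          /* no room for the string and the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded replacement for sprintf(): formats into dst with vsnprintf()
 * and treats truncation as an error rather than a partial success.
 * Returns 0 on success, -1 (with dst emptied) on truncation or error. */
int safe_format(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || fmt == NULL || dstsize == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsize) {  /* encoding error or truncated */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Example caller: build a response header line from a value that came
 * in over the network (untrusted). With sprintf() into a fixed buffer an
 * overlong value would overrun it; here the caller gets -1 and can drop
 * the request instead. The header name is a hypothetical one. */
int build_header(char *out, size_t outsize, const char *untrusted_name)
{
    return safe_format(out, outsize, "X-Thorn-Name: %s\r\n", untrusted_name);
}
```

The design choice worth noting is that both helpers return an error rather than a truncated string: a truncated header or path is itself a source of bugs, and a caller that checks the return value can log and reject the input. A grep for sprintf( and strcpy( that do not go through such helpers is the same quick audit the message describes.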



