On 18 Jul 1997 00:28:50 -0000, you said:
> A simple comparison of message-ids does not suffice; it creates
> an interesting security hole.
> People here may not realize that noted security expert Perry Metzger
> disagrees. Excerpted from his DRUMS commentary in March 1996: ``It is
> not a security hole, Mr. Bernstein. ... Don't teach granpaw to suck
> eggs. I make my bread and butter as a security consultant.''
Actually, there *is* a boundary condition that is problematic (and I've
seen this scenario happen *quite* often). Assume the following:
1) A large mailing list (1000+ or so people, perhaps)
2) A malicious user towards the front of the list
3) Your entry is towards the bottom of the list.
The following can happen:
a) Poster Fred sends something to the mailing list
b) Malicious user gets his copy, and sends you *directly* something altered,
but with the same message-id. Your copy is still in the queue at the mailing
list site.
c) Your *real* copy arrives, and is tossed because the same Message-ID: has
been seen before.
How do I know this scenario can happen? Because I quite regularly receive
replies to my postings on some lists before I see my posting come back from
the list. Obviously, the person replying has gotten his copy long before
I get mine back.
Of the last 9,704 e-mail messages I've received, procmail discarded 399 as
having duplicate message-id: headers. And as I wrote this, I found a bug
in my procmailrc which greatly reduced the effectiveness of the duplicate
checking (explaining why I was still often seeing what looked like things
I've seen before).
Putting it all together is left as an exercise for the reader....
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
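The race described in the post above, reproduced as an added example (not part of the original thread): a Message-ID-only duplicate cache drops the genuine list copy when an altered direct copy with the same Message-ID arrives first, while keying the cache on Message-ID plus a body digest keeps both. The two messages are constructed sample input.

```python
import hashlib
from email.parser import Parser

# Constructed sample messages: the altered direct copy (step b) arrives
# before the genuine copy from the list (step c); both share one Message-ID.
GENUINE = (
    "From: fred@example.org\nTo: list@example.org\n"
    "Message-ID: <123@example.org>\n\nMeet at noon.\n"
)
ALTERED = (
    "From: fred@example.org\nTo: you@example.org\n"
    "Message-ID: <123@example.org>\n\nMeet at midnight.\n"
)


def dedup_by_message_id(raw_messages):
    """procmail-style check: the first copy of a Message-ID is delivered,
    every later copy with that Message-ID is discarded."""
    seen, kept = set(), []
    for raw in raw_messages:
        msg = Parser().parsestr(raw)
        mid = msg["Message-ID"]
        if mid in seen:
            continue          # genuine list copy is lost here in the race
        seen.add(mid)
        kept.append(msg)
    return kept


def dedup_by_id_and_body(raw_messages):
    """Key the cache on (Message-ID, SHA-256 of the body) so an altered
    copy can no longer shadow the genuine one; true duplicates still collapse."""
    seen, kept = set(), []
    for raw in raw_messages:
        msg = Parser().parsestr(raw)
        digest = hashlib.sha256(msg.get_payload().encode()).hexdigest()
        key = (msg["Message-ID"], digest)
        if key in seen:
            continue
        seen.add(key)
        kept.append(msg)
    return kept


def bodies(messages):
    """Helper for inspection: the delivered message bodies, in order."""
    return [m.get_payload().strip() for m in messages]
```

The digest-keyed cache only restores delivery of the genuine copy; the altered copy is still delivered, so telling the two apart needs a content-origin check such as a signature rather than a better duplicate filter.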