ietf-822

Re: best name for followups?

1997-07-18 08:32:15
On 18 Jul 1997 00:28:50 -0000, you said:
A simple comparison of message-ids does not suffice; it creates
an interesting security hole.
People here may not realize that noted security expert Perry Metzger
disagrees. Excerpted from his DRUMS commentary in March 1996: ``It is
not a security hole, Mr. Bernstein. ... Don't teach granpaw to suck
eggs. I make my bread and butter as a security consultant.''

Actually, there *is* a boundary condition that is problematic (and I've
seen the scenario happen *quite* often).  Assume the following:

1) A large mailing list (1000+ or so people, perhaps)
2) A malicious user towards the front of the list
3) Your entry is towards the bottom of the list.

The following can happen:

a) Poster Fred sends something to the mailing list
b) Malicious user gets his copy, and sends you *directly* something altered,
but with the same message-id.  Your copy is still in the queue at the mailing
list site.
c) Your *real* copy arrives, and is tossed because the same Message-ID: has
been seen before.

How do I know this scenario can happen? Because I quite regularly receive
replies to my postings on some lists before I see my posting come back from
the list.  Obviously, the person replying has gotten his copy long before
I get mine back.

Of the last 9,704 e-mail messages I've received, procmail discarded 399 as
having duplicate message-id: headers.  And as I wrote this, I found a bug
in my procmailrc which greatly reduced the effectiveness of the duplicate
checking (explaining why I was still often seeing what looked like things
I've seen before).

Putting it all together is left as an exercise for the reader....
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech


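An added illustration of the race described in the post above; it is not part of the thread and not code from any of the participants. The two sample messages, the addresses, the Message-ID and the class names are all constructed for the example. It replays the scenario (altered direct copy arrives first, genuine list copy second) against a filter that keys purely on Message-ID, which is the procmail-style rule the thread discusses, and against a filter that keys on Message-ID plus a body digest, which still drops a true resend but delivers the second, differing copy and flags the collision instead of silently discarding it.

```python
import email
import hashlib
from email import policy

# Constructed sample messages (not from the original thread).  The second
# copy reuses the first copy's Message-ID but carries an altered body.
GENUINE_COPY = """\
From: fred@example.org
To: ietf-822@example.org
Message-ID: <constructed-0001@example.org>
Subject: Re: best name for followups?

Let's use the Followup-To header.
"""

ALTERED_COPY = """\
From: fred@example.org
To: you@example.org
Message-ID: <constructed-0001@example.org>
Subject: Re: best name for followups?

Let's drop the Followup-To header entirely.
"""


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def content_digest(msg):
    """SHA-256 over the body with trailing whitespace stripped, so two
    copies sharing a Message-ID but differing in text are distinguishable."""
    payload = msg.get_payload(decode=True) or b""
    canon = b"\n".join(line.rstrip() for line in payload.splitlines())
    return hashlib.sha256(canon).hexdigest()


class MessageIdOnlyFilter:
    """The rule the post describes: the first copy of a Message-ID wins
    and every later copy is discarded, whatever its contents."""

    def __init__(self):
        self.seen = set()

    def accept(self, raw):
        mid = parse(raw)["Message-ID"]
        if mid in self.seen:
            return "discard"
        self.seen.add(mid)
        return "deliver"


class MessageIdAndDigestFilter:
    """Key on (Message-ID, body digest).  An identical resend is still
    dropped; a second copy whose body differs is delivered and flagged
    so the recipient can see that two different texts claimed one ID."""

    def __init__(self):
        self.seen = {}  # Message-ID -> set of body digests already delivered

    def accept(self, raw):
        msg = parse(raw)
        mid = msg["Message-ID"]
        digest = content_digest(msg)
        digests = self.seen.setdefault(mid, set())
        if digest in digests:
            return "discard"
        verdict = "deliver" if not digests else "deliver-flagged"
        digests.add(digest)
        return verdict


def simulate(filter_cls):
    """Replay the race from the post: the altered direct copy reaches the
    mailbox before the list's genuine copy.  Returns both verdicts."""
    f = filter_cls()
    return (f.accept(ALTERED_COPY), f.accept(GENUINE_COPY))


if __name__ == "__main__":
    print("Message-ID only:     ", simulate(MessageIdOnlyFilter))
    print("Message-ID + digest: ", simulate(MessageIdAndDigestFilter))
```

With the Message-ID-only filter the genuine copy is the one thrown away; with the digest-aware filter it is delivered with a "flagged" verdict, which is the hook a real mail filter would use to tag the message or log the collision for review.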
