Date: Wed, 23 Sep 1998 00:58:14 -0400
From: der Mouse <[email protected]>
To: [email protected]Subject: Re: hylafax security hole in faxcron, xferstats and recvstats
> this is about the HylaFAX Facsimile Software copyrighted by Sam
> Leffler and Silicon Graphics, Inc but available for free.
While we're discussing HylaFAX...I have no flaws like the one mentioned
to report. But the thing is designed in a way that makes it damn near
impossible to run it "cordoned off". I spent several hours ripping out
checks for uid==0 in various pieces of it, trying to make it run as
non-root (I knew damn well no root privilege was fundamentally needed
for the functions I wanted, nor indeed for most of its functions). I
eventually gave up and am now using efax instead, which is much closer
to what I wanted anyway and doesn't give a damn who it runs as as long
as it can read the page images and talk to the modem. (I didn't know
efax existed when I first looked at HylaFAX, or I would have tossed the
latter much sooner.)
Anything that takes me hours of struggling to make it run as non-root
is not something that gives me the warm fuzzies about running on my
system; at the very least, it most certainly is not designed from a
"least privilege" mindset! I find it hair-raising to think that most
admins probably would happily hand it the keys to their system and
never even think that the copy they got might have been tampered with,
or even just plain have a bug - like the one that prompted the message
I'm responding to. If HylaFAX had been done right, that bug would have
exposed at most the fax user, instead of probably (I haven't looked to
see which of the affected pieces run as root) root - though I suspect
that with HylaFAX installed, compromising the fax user is probably just
one trivial step away from getting root anyway.
Pursuant to the "vendor notification" thread: I haven't told Sam
Leffler. The documentation makes it clear he does not want to hear
anything about HylaFAX unless accompanied by patches, and I don't have
a functioning run-as-non-root setup to generate patches from. Shrug.
If it were properly[%] designed, it wouldn't demand root anyway.
[%] "properly" from a security-weenie perspective.
der Mouse
[email protected]
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B