From: R.E. Wolff Date: Tue, 5 Feb 2013 15:56:38 +0000 (+0100) Subject: added some extra clarifications to the SECURITY file. X-Git-Tag: v0.83~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25e8839a3dfabf8b80906f60a51745ddc43e9913;p=thirdparty%2Fmtr.git added some extra clarifications to the SECURITY file. --- diff --git a/SECURITY b/SECURITY index 1ebf15c..6cfc40b 100644 --- a/SECURITY +++ b/SECURITY @@ -29,5 +29,14 @@ raw socket descriptors, which would allow the malicious user to listen to all ICMP packets arriving at the system, and send forged packets with arbitrary contents. +The mtr-code does its best to prevent calling of external library +code before dropping privileges. It seems that C++ library code has +the ability to issue a "please execute me before calling main" to the +loader/linker. That would mean that we're still vulnerable to +errors in that code. This is why I would prefer to drop the backends, +have mtr-core always run in "raw" mode, and have the backends interpret +the output from the mtr-core. Maybe a nice project for a college-level +student. + If you have further questions or comments about security issues, please direct them to the mtr mailing list. See README for details.