Changes between Version 1 and Version 2 of ServerSecurity
Timestamp: 04/25/07 12:51:37 (10 years ago)
Author: Nicolas
Comment: Required manual changes to automatic conversion.

  • ServerSecurity

    v1 v2  
    44
    55
    6 === Scheduling server ===
    7  All network input to the scheduling server is read by calls of the form `fgets(buf, 256, stdin);` where buf is a 256-byte buffer. There is no possibility of a buffer overrun from these calls. In some cases data is copied out of the buffer to a second buffer; this is done using functions (`parse_str()`, `parse_attr()` and `strncpy()`) that take a buffer-length argument, so again there can be no buffer overruns.
     6== Scheduling server ==
     7
     8All network input to the scheduling server is read by calls of the form `fgets(buf, 256, stdin);` where buf is a 256-byte buffer. There is no possibility of a buffer overrun from these calls. In some cases data is copied out of the buffer to a second buffer; this is done using functions (`parse_str()`, `parse_attr()` and `strncpy()`) that take a buffer-length argument, so again there can be no buffer overruns.
    89
    910The scheduling server doesn't run any secondary programs.
    1011
    11 The scheduling server creates disk files in which it stores request and reply messages. These files have names of the form PATH/sched_req_PID where PATH is a compiled-in directory name (e.g. /tmp) and PID is the server process ID. There is no possibility of the server creating executable files, or files in other directories.
     12The scheduling server creates disk files in which it stores request and reply messages. These files have names of the form `PATH/sched_req_PID` where `PATH` is a compiled-in directory name (e.g. `/tmp`) and `PID` is the server process ID. There is no possibility of the server creating executable files, or files in other directories.
    1213
     14== File upload handler ==
    1315
    14 === File upload handler ===
    15  The file upload handler parses its input in the same way as the scheduling servers, except for file data. This data is read using fread() in fixed-sized increments. So there are no buffer overruns.
     16The file upload handler parses its input in the same way as the scheduling servers, except for file data. This data is read using `fread()` in fixed-sized increments. So there are no buffer overruns.
    1617
    17 The file upload handler reads and writes files with names of the form BOINC_UPLOAD_DIR/filename, where BOINC_UPLOAD_DIR is a compiled constant for the directory where data files are stored. 'filename' is checked for '..' and such requests are ignored. Hence files outside the directory cannot be read or written.
     18The file upload handler reads and writes files with names of the form `BOINC_UPLOAD_DIR/filename`, where BOINC_UPLOAD_DIR is a compiled constant for the directory where data files are stored. 'filename' is checked for '..' and such requests are ignored. Hence files outside the directory cannot be read or written.
    1819
    19 The only place where files are created (in copy_socket_to_file()) is a call 'fopen(path, "wb");'. Hence no executable files or links are created.
    20 
     20The only place where files are created (in `copy_socket_to_file()`) is a call '`fopen(path, "wb");`'. Hence no executable files or links are created.
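Review bot: the code-span conversion in the v2 lines is inconsistent, so a few spans will still render as plain text or with stray quotes. On new line 18 the second mention of BOINC_UPLOAD_DIR is left bare while the first is in backticks, and 'filename' and '..' keep single quotes instead of backticks; on new line 20 the fopen call is wrapped in both single quotes and backticks ('`fopen(path, "wb");`'), which will show literal quote characters around the rendered code span. Suggest `BOINC_UPLOAD_DIR`, `filename`, `..` and `fopen(path, "wb");` to match the other converted spans (for example `PATH/sched_req_PID` on new line 12). The heading change from === to == is applied to both sections and the removed blank old line 20 only tidies spacing, so those parts look fine.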