From: Joel D. <jr...@io...> - 2007-07-25 15:26:48
On Wed, 25 Jul 2007, it would appear that Matthew Williams wrote:

> David Norwood wrote:
>> It was I. It was a mistake and I apologize to everybody. It was not my
>> intent to add a security hole to Misterhouse. I'm going to crawl under a
>> rock now.
>
> David,
>
> No need to apologize. Quite a few of my commits have contained
> "undocumented features". That's one of the super-fun benefits of running
> off the repository. :-)
>
> However, I neglected to add a word of advice to my original e-mail. The
> hole in http_server.pl was most serious if you were running mh as root. As
> a general rule, I strongly recommend running mh as a different user,
> dedicated to mh. As well, although I haven't done this myself, it is
> probably a good idea to run mh within a chroot jail.
>
> I am not familiar enough with Windows to know if it is possible to run mh as
> a non-Admin user. If it is, then it is obviously a good idea to do so. If
> your mh gets compromised, then the potential damage is limited.
>
> Another good security practice is to not have mh accessible from the
> Internet. If you need external access, use a reverse proxy, as explained in
> the Misterhouse wiki (misterhouse.wikispaces.com). A reverse proxy will
> significantly reduce attack vectors.
>
> Matt

Good points, Matt.

Another thing we all have to remember is that this is all a feature and risk of an open source project. On the one hand, we get lots of people contributing new features and fixes to bugs as they're found. On the other hand, there's a chance of something inadvertently slipping through when we implement something new and don't test it thoroughly. I know that when I write a module I tend to limit my testing to the way I'm gonna use it, rather than looking at all possibilities.[1]

On the third hand, because we can all see the source code, we all have the opportunity to look through the code we're running.

Joel

[1] Nothing is foolproof, because the universe keeps creating more and more fools.