[Esa-l] Possible suggestions...
mecha.ike at hydramedia.com
Fri Nov 24 03:22:36 PST 2000
Hi Jon (et al.)
Following my tribulations of earlier in the week, I am starting to spend
some time getting to know the sanitizer, and as a result I have come up
with a suggestion that I would like to share with yourself and the rest of
the community; an RFC as it were.
1. The POISONED_EXECUTABLES [P_E] and MANGLE_EXTENSIONS [M_E] lists - I
have *finally* noticed that entries in the P_E require corresponding
entries in the M_E to actually get them poisoned (correcting the only
problem I hadn't fixed with our local sanitizer). However, this means that
sites that operate a more inclusive (read DRACONIAN) digital security
policy, such as mine, have to add entries to the M_E each and every time
the sanitizer gets updated (not a large job, admittedly, but demands on my
time are many as it is).
I can see two obvious ways around this: 1 - A separate scanning engine for
the P_E (don't bother saying, I can see that it's a daft idea); 2 - An
external M_E_EXTRAS file, containing a single line of further extensions to
be mangled, in the same format as the M_E list to make it a little easier
on yourself (or whoever) to implement.
(There was going to be a 2. but with a tiny bit of tweaking I can do it
myself. Basically, having the intended local recipient listed on all the
SECURITY_NOTIFY* reports. Worthy of consideration for inclusion in the
Anyway, there you go. Not much but I've only been up to speed with it for
a few days.
SYSADMIN (and html-sanitizer user)
Longbridge International Plc
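The dependency described in point 1 can be checked offline before an update goes live. The following is an added example, not part of the original message and not the sanitizer's own code: it reports P_E entries whose extension no M_E entry covers, then merges a one-line M_E_EXTRAS body and re-checks. It assumes the P_E list holds one filename pattern per line and the M_E list is a `|`-separated regular-expression alternation of extensions; all function names and sample data are hypothetical.

```python
import re

def load_extras(text):
    """Return the first non-blank, non-comment line of an M_E_EXTRAS body."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            return line
    return ""

def merge_extensions(base, extras):
    """Append the extras alternation to the base M_E list and validate it."""
    merged = f"{base}|{extras}" if extras else base
    re.compile(merged)  # raises re.error if the extras line is malformed
    return merged

def uncovered(poisoned_text, mangle_regex):
    """List P_E entries whose extension is not matched by the M_E list."""
    pattern = re.compile(f"(?:{mangle_regex})", re.IGNORECASE)
    missing = []
    for line in poisoned_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        # An entry with no dot has no extension, so no M_E entry can correspond.
        ext = entry.rsplit(".", 1)[1] if "." in entry else ""
        if not pattern.fullmatch(ext):
            missing.append(entry)
    return missing

# Constructed sample data (not taken from any real sanitizer release).
BASE_M_E = "exe|com|bat|vb[se]?|sc[rt]"
POISONED = "# constructed P_E list\n*.vbs\nreadme.exe\n*.xyz\nsetup.pif\n"
EXTRAS_FILE = "# site additions, same format as M_E\npif|xyz\n"

if __name__ == "__main__":
    print("before:", uncovered(POISONED, BASE_M_E))
    merged = merge_extensions(BASE_M_E, load_extras(EXTRAS_FILE))
    print("after: ", uncovered(POISONED, merged))
```
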