[Esa-l] Possible suggestions...

Murray Crane mecha.ike at hydramedia.com
Fri Nov 24 03:22:36 PST 2000


Hi Jon (et al.)

Following my tribulations of earlier in the week, I am starting to spend 
some time getting to know the sanitizer, and as a result I have come up 
with a suggestion that I would like to share with yourself and the rest of 
the community; an RFC as it were.

1.	The POISONED_EXECUTABLES [P_E] and MANGLE_EXTENSIONS [M_E] lists - I 
have *finally* noticed that entries in the P_E require corresponding 
entries in the M_E to actually get them poisoned (correcting the only 
problem I hadn't fixed with our local sanitizer).  However, this means that 
sites that operate a more inclusive (read DRACONIAN) digital security 
policy, such as mine, have to add entries to the M_E each and every time 
the sanitizer gets updated (not a large job, admittedly, but demands on my 
time are many as it is).

	I can see two obvious ways around this: 1 - A separate scanning engine for 
the P_E (don't bother saying, I can see that it's a daft idea); 2 - An 
external M_E_EXTRAS file, containing a single line of further extensions to 
be mangled, in the same format as the M_E list to make it a little easier 
on yourself (or whoever) to implement.

(There was going to be a 2. but with a tiny bit of tweaking I can do it 
myself.  Basically, having the intended local recipient listed on all the 
SECURITY_NOTIFY* reports.  Worthy of consideration for inclusion in the 
main tree?)

Anyway,  there you go.  Not much but I've only been up to speed with it for 
a few days.

Murray Crane
SYSADMIN (and html-sanitizer user)
Longbridge International Plc