4.5. How secure is the server?

USIFEX is currently running under Linux with some modest security enhancements (telnetd, rshd, rlogind, and rexecd are not running, and sendmail has been removed and replaced with qmail), and is maintained with moderate efforts to install all security-related upgrades.

The idea futures software is unlikely to add any security holes, but people are encouraged to look at the source code to see if I've overlooked anything.

The system is designed so that the CGI scripts should only be able to affect the system by sending commands to the server daemon. User input is checked fairly carefully when it reaches the server (see validate_fn in IFServer.py) to ensure that strings which will be evaluated by the database cannot contain characters that might be used to execute arbitrary functions.

I believe the only other way that a user can affect the filesystem through the idea futures web interface is when creating or modifying a claim, when a .html file is written (see GenSearchFiles in IFClaim.py). The file names are strictly limited by the restrictions on what characters can be used in a claim symbol, and I can't see any way in which the files could be executed.

I have not yet done much analysis of the security weaknesses in the Python cPickle module, which converts user input to Python objects to pass between CGI scripts and the server.
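
An added example, not USIFEX code: one way to narrow a pickle channel like the one between the CGI scripts and the server, so that a message can only decode to plain data, followed by an allowlist check on the claim symbol before it becomes a file name. It uses the Python 3 `pickle` module rather than cPickle; the message layout, the `symbol` key, the size limit and the symbol character rule are assumptions, and validate_fn and GenSearchFiles are not reproduced here.

```python
import io
import pickle
import re

# Assumed rule (hypothetical): a claim symbol is 1-16 ASCII letters or digits.
SYMBOL_RE = re.compile(r"[A-Za-z0-9]{1,16}")


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Without globals a pickle can only build dicts, lists, tuples, strings,
    numbers, bytes, None and booleans, so decoding cannot import or call code.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_message(raw: bytes, max_len: int = 4096) -> dict:
    """Decode one CGI-to-server message (assumed to be a dict of plain values)."""
    if len(raw) > max_len:
        raise ValueError("message too large")
    msg = DataOnlyUnpickler(io.BytesIO(raw)).load()
    if not isinstance(msg, dict):
        raise ValueError("message must be a dict")
    return msg


def claim_page_name(symbol) -> str:
    """Return the .html file name for a claim symbol, or raise ValueError.

    fullmatch() rejects path separators, dots and a trailing newline, so the
    result can never leave the directory it is written to.
    """
    if not isinstance(symbol, str) or not SYMBOL_RE.fullmatch(symbol):
        raise ValueError("invalid claim symbol")
    return symbol + ".html"


def handle(raw: bytes) -> str:
    """Server side: decode the message, then validate before touching disk."""
    msg = load_message(raw)
    return claim_page_name(msg.get("symbol"))
```

Validation stays on the server side of the channel, matching the design described above in which the CGI scripts can only send commands to the daemon.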


The U.S. Idea Futures Market / IF FAQ Wizard 1.0.4 / Feedback to pcm