lynx-dev syslog sending sensitive info
From: |
Gisle Vanem |
Subject: |
lynx-dev syslog sending sensitive info |
Date: |
Mon, 6 Sep 1999 21:58:29 +0200 (MET DST) |
I compiled Lynx with 'SYSLOG_REQUESTED_URLS' and found that syslog()
may send sensitive information as broadcast to any syslog daemon that
cares to listen. I assume broadcast is much easier to snoop than unicast
(on any link-layer).
E.g. URLs with embedded passwords are sent to syslog:
Sep 11 12:26:06 lynx[16177]: ftp://joe:address@hidden/~joe
The following patch tries to mask the password by first breaking up
the URL and replacing 'password' with '****'.
syslog(URL) is only called twice and with a single argument; in
GridText.c and LYgetfile.c. The patch adds the functions LYSyslog(),
LYOpenlog() and LYCloselog() to LYutils.c.
Besides, LYOpenlog() is called further down in main (after sock_init)
because Watt-32 requires that. AFAICS that doesn't hurt any platform.
'syslog_text' is now an argument to LYOpenlog(). And "Session over" is
printed in LYCloselog().
Gisle V.
diffs on '-u3 -B -H' format:
-------------------------------- cut --------------------------------
--- gridtext.c.org Thu Aug 26 05:31:20 1999
+++ gridtext.c Mon Sep 6 20:51:54 1999
@@ -16,12 +16,6 @@
#include <assert.h>
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
-#include <syslog.h>
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
-
#include <GridText.h>
#include <LYCurses.h>
#include <LYUtils.h>
@@ -6281,11 +6275,9 @@
StrAllocCat(tmpaddress, "?");
StrAllocCat(tmpaddress, searchstring);
user_message(WWW_WAIT_MESSAGE, tmpaddress);
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
- syslog(LOG_INFO|LOG_LOCAL5, "%s", tmpaddress);
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+ LYSyslog(tmpaddress);
+#endif /* !VMS && SYSLOG_REQUESTED_URLS */
FREE(tmpaddress);
if (cp)
*cp = '?';
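Review bot: The address passed to `LYSyslog(tmpaddress);` has `?` and `searchstring` appended just above, and LYSyslog() masks only the `user:password` part, so search terms still reach syslog in full. If that is intended, say so at the call site, e.g. `/* logs the full query string; only user:password is masked */`. The enclosing function starts and ends outside this hunk.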
--- lygetfil.c.org Thu Aug 26 05:31:20 1999
+++ lygetfil.c Mon Sep 6 20:50:10 1999
@@ -32,12 +32,6 @@
#include <LYexit.h>
#include <LYLeaks.h>
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
-#include <syslog.h>
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
-
PRIVATE int fix_httplike_urls PARAMS((document *doc, UrlTypes type));
extern char * WWW_Download_File;
#ifdef VMS
@@ -286,12 +280,10 @@
WWWDoc.post_data = NULL;
WWWDoc.post_content_type = NULL;
}
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
- syslog(LOG_INFO|LOG_LOCAL5, "%s", doc->address);
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
- if (url_type == UNKNOWN_URL_TYPE ||
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+ LYSyslog (doc->address);
+#endif
+ if (url_type == UNKNOWN_URL_TYPE ||
url_type == AFS_URL_TYPE ||
url_type == PROSPERO_URL_TYPE) {
HTAlert(UNSUPPORTED_URL_SCHEME);
--- lymain.c.org Sat Aug 28 15:04:14 1999
+++ lymain.c Mon Sep 6 20:49:12 1999
@@ -38,12 +38,6 @@
#include <io.h>
#endif
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
-#include <syslog.h>
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
-
#ifdef LOCALE
#undef gettext /* Solaris locale.h prototypes gettext() */
#include <locale.h>
@@ -930,9 +924,6 @@
memset((void *)MBM_A_subbookmark, 0, sizeof(char)*(MBM_V_MAXFILES+1));
memset((void *)MBM_A_subdescript, 0, sizeof(char)*(MBM_V_MAXFILES+1));
#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
- openlog("lynx", LOG_PID, LOG_LOCAL5);
-#endif /* SYSLOG_REQUESTED_URLS */
StrAllocCopy(list_format, LIST_FORMAT);
#endif /* !VMS */
InfoSecs = (int)INFOSECS;
@@ -1671,16 +1662,6 @@
HTFormatInit();
HTFileInit();
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
- if (syslog_txt) {
- syslog(LOG_INFO, "Session start:%s", syslog_txt);
- } else {
- syslog(LOG_INFO, "Session start");
- }
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
-
#ifdef SH_EX
if (show_cfg) {
cleanup();
@@ -1971,6 +1952,10 @@
__system_allow_multiple_cmds | /* allow `cmd1; cmd2; ...' */
__system_redirect; /* redirect internally */
#endif /* __DJGPP__ */
+
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+ LYOpenlog (syslog_txt);
+#endif
/*
* Here's where we do all the work.
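Review bot: The new `LYOpenlog (syslog_txt);` call has no comment explaining why it sits this late in main(); the reason (Watt-32 needs sock_init to have run first) is given only in the patch e-mail. Suggest adding above it `/* Must come after sock_init(): Watt-32 requires that before openlog(). */`. Anything logged through LYSyslog() before this point would presumably go out without the "lynx" ident and LOG_PID that openlog() sets. Whether a fetch can happen that early is not visible here, since main() starts and ends outside this hunk.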
--- lyexit.c.org Wed Jul 14 10:25:26 1999
+++ lyexit.c Mon Sep 6 21:03:54 1999
@@ -9,9 +9,6 @@
#include <LYSignal.h>
#include <LYClean.h>
#include <LYMainLoop.h>
-#ifdef SYSLOG_REQUESTED_URLS
-#include <syslog.h>
-#endif /* SYSLOG_REQUESTED_URLS */
#endif /* !VMS */
/*
@@ -145,12 +142,9 @@
*/
LYCompleteExit();
-#ifndef VMS
-#ifdef SYSLOG_REQUESTED_URLS
- syslog(LOG_INFO, "Session over");
- closelog();
-#endif /* SYSLOG_REQUESTED_URLS */
-#endif /* !VMS */
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+ LYCloselog();
+#endif /* !VMS && SYSLOG_REQUESTED_URLS */
#ifdef exit
/* Make sure we use stdlib exit and not LYexit. - GAB
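Review bot: `LYCloselog()` is called here, but the includes visible in this file's first hunk (LYSignal.h, LYClean.h, LYMainLoop.h) do not show LYUtils.h, where the patch adds the prototype. If the file does not already include it, the call is implicitly declared; confirm it is present or add `#include <LYUtils.h>` to the include group. The enclosing function starts and ends outside this hunk.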
--- lyutils.c.org Thu Aug 26 05:31:20 1999
+++ lyutils..c Mon Sep 6 21:54:30 1999
@@ -7555,3 +7555,53 @@
}
#endif
+
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+/*
+ * syslog() interface
+ */
+PUBLIC void LYOpenlog ARGS1(
+ CONST char *, banner)
+{
+#if defined(WATT32)
+ openlog("lynx", LOG_PID|LOG_NDELAY, LOG_LOCAL5);
+#else
+ openlog("lynx", LOG_PID, LOG_LOCAL5);
+#endif
+
+ if (banner) {
+ syslog(LOG_INFO, "Session start:%s", banner);
+ } else {
+ syslog(LOG_INFO, "Session start");
+ }
+}
+
+PUBLIC void LYSyslog ARGS1(
+ CONST char *, arg)
+{
+ if (is_url((char*)arg)) { /* proto://user:address@hidden/path:port */
+ /* ^this colon */
+ char *colon = strchr(arg, ':');
+ char *at = strchr(arg, '@');
+
+ if (colon && at && (colon < at) && colon > strchr(arg, '/')) {
+ char buf[1024];
+
+ strncpy (buf, arg, (size_t)(colon-arg));
+ strcat (buf, "******");
+ strcat (buf, at);
+ syslog (LOG_INFO|LOG_LOCAL5, buf);
+ return;
+ }
+ }
+ syslog (LOG_INFO|LOG_LOCAL5, arg);
+}
+
+PUBLIC void LYCloselog NOARGS
+{
+ syslog(LOG_INFO, "Session over");
+ closelog();
+}
+
+#endif /* !VMS && SYSLOG_REQUESTED_URLS */
+
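Review bot: LYSyslog() passes the URL itself as the syslog() format string (`syslog (LOG_INFO|LOG_LOCAL5, buf)` and `... arg)`), whereas the call sites it replaces used `"%s"`; any `%` conversion in a URL, which can come from a link in a fetched page, is then interpreted by the formatter. The masked branch also copies into `char buf[1024]` with no length check, and `strncpy` leaves `buf` unterminated before the first `strcat`. The masking test itself looks unable to fire for `proto://user:pw@host/`: `strchr(arg, ':')` finds the scheme colon, which precedes the first `/`, so `colon > strchr(arg, '/')` is false and the password is logged as before. Suggest looking for the userinfo only inside the authority part and formatting with a precision, so that no intermediate buffer is needed.

```c
PUBLIC void LYSyslog ARGS1(
    CONST char *, arg)
{
    CONST char *auth = strstr(arg, "://");

    if (auth != NULL && is_url((char *)arg)) {
        CONST char *end, *at, *colon;

        auth += 3;                          /* [user[:password]@]host... */
        end = auth + strcspn(auth, "/?#");  /* userinfo cannot extend past the authority */
        for (at = end; at > auth && *at != '@'; at--)
            ;                               /* last '@' inside the authority */
        colon = (*at == '@') ? memchr(auth, ':', (size_t)(at - auth)) : NULL;
        if (colon != NULL) {
            /* precision bounds the prefix; the URL is never the format string */
            syslog(LOG_INFO|LOG_LOCAL5, "%.*s:******%s",
                   (int)(colon - arg), arg, at);
            return;
        }
    }
    syslog(LOG_INFO|LOG_LOCAL5, "%s", arg);
}
```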
--- lyutils.h.org Sat Aug 28 15:04:14 1999
+++ lyutils.h Mon Sep 6 20:53:50 1999
@@ -217,6 +217,22 @@
extern HTList *sug_filenames;
/*
+ * syslog() facility
+ */
+#if !defined(VMS) && defined(SYSLOG_REQUESTED_URLS)
+#ifdef WATT32
+#include <sys/syslog.h>
+#else
+#include <syslog.h>
+#endif
+
+extern void LYOpenlog PARAMS((CONST char *banner));
+extern void LYSyslog PARAMS((CONST char *arg));
+extern void LYCloselog NOPARAMS;
+
+#endif /* !VMS && SYSLOG_REQUESTED_URLS */
+
+/*
* Miscellaneous.
*/
#define ON 1
-------------------------------- cut ---------------------------