> Tom Collins wrote:
>> On Dec 23, 2006, at 6:41 PM, Rick Widmer wrote:
<snip - I'll address the ALTER statement separately>

>>> - Don't update the relay CDB for statically covered addresses.
>>> (extended version.)
>> Do we have to worry about a race condition where I do my POP pickup  and
>> the relay CDB isn't updated with the new timestamp (since I'm in  there
>> from an earlier pickup) but the entry expires before my SMTP  starts?  I
>> don't think I've ever used the pop-before-smtp feature, so  I'm not sure
>> on the details of how it works...
> No.  Update_rules builds the final cdb file by concatenating the static
> addresses in the file specified by TCP_FILE and the dynamic addresses
> either from a database or file.  This patch only makes excludes the
> static addresses.  If you are already allowed in by a static entry,
> don't bother to manage your dynamic entry...
That is correct - this patch actually helps eliminate race conditions by
reducing the frequency of CDB update.  Because an address that is covered
by a static rule will never be overridden by a dynamic one (since
tcpserver is supposed to  use the first rule it finds), this won't impact
the security of the CDB.  If it's denied, you'd never connect in the first
place, and if it's allowed it's already allowed and the dynamic rule
should never get matched.  The reason I say "should" instead of "will" is
that that's what the documentation states.

I just tested and that's not what actually happens - it takes the best
match.  So there is one potential problem with this (though I consider it
minimal) - if you have a rule that doesn't include the 'RELAYCLINET=""'
and/or 'RBLSMTPD=""', you may end up getting denied if you're depending on
pop-before-smtp.  However, IMHO SMTP-AUTH should be used instead as it's
both more reliable and more secure, but not everyone pushes that.  So
there may be unintended consequences with this patch...

I'm not sure how to best address it, but I see 3 choices: 1) exclude the
patch from the main tree but publish it as an add-on (not great); 2)
include the patch and document the changes in how the CDB is built and
works (better, but may cause breakage for some people); or 3) put the code
inside an #ifdef and make it a configure option (I'd enable it by default,
but it could go either way).  I know nothing about configure, so I'm not
sure how to do it, but I'd guess it's pretty simple to change...

Anyway, those are my thoughts on how it works and the potential
consequences of the patch...

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics

Reply via email to