[linux-elitists] untrusted data handling

Steve Beattie steve@wirex.net
Wed Aug 27 12:59:52 PDT 2003


On Tue, Aug 26, 2003 at 06:15:18PM +0000, Jason Lunz wrote:
> agreed. I just wish more attention were paid to the entire security
> perimeter of a machine. For most workstations, this means everything
> that processes possibly hostile data.  That is, not just its network
> services, but everything that handles an email, a web page, or anything
> embedded in a web page or handed off to a mime handler.
> 
> Look at the recent Windows hole caused by an overflow in the parsing of
> midi headers. How confident are you in the security hardening of your
> midi player? Of the hackers who can do competent security audits, how
> many do you think devote their time to the universe of oddball
> mime handlers in /etc/mailcap?

There's already been a security vulnerability found in one of the *nix mp3
players, mpg123 <http://www.securityfocus.com/bid/6629/>. 

A few years ago, I was ripping my audio cd collection using a set of
bourne shell scripts called abcde, which would use cddb data (submitted
by random users) to identify the cd attributes (artist, album, and song
titles). A couple of song titles had an '`' in them which caused abcde
to give an error. It didn't take me long to realize a song title of `rm
-rf ${HOME}` would've made me unhappy. (This issue has since been
fixed in abcde.) I've never seen a cddb spec, but I've often wondered
how other cddb clients would handle song titles that were, say, 15kb long.

Lynx itself has had enough security problems that I find it highly
sketchy to use it in a mailcap for auto-handling html mail with a client
like mutt.

There is progress being made, however. Some of us within Immunix are
using tools like SubDomain, which does process based confinement, to more
tightly confine client programs (xmms, xpdf, acroread, w3m, driftnet, gpg,
mutt, mozilla, unrtf, etc.). Some of the OpenBSD people have been doing
similar things with their systrace tool (which has been ported to linux),
to the point of trying to confine xterms. In fact, David Wagner's Janus
tool, the forefather to a lot of the tools in this space, was specifically
written so he could sandbox netscape and its helper applications.

Techniques like these, brittle as they can be to admin, are I believe where
we're headed if we're going to prevent client-side issues in the *nixes.

-- 
Steve Beattie                               Don't trust programmers?
<steve@wirex.net>                         Complete StackGuard distro at
http://NxNW.org/~steve/                            immunix.org
        http://www.sardonix.org -- Audit code, earn respect.
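An added example, not from the original post and not abcde's own code, of the backtick problem Steve describes: a hypothetical cddb parser that evals `KEY=value` lines (so a title containing backticks or `$(...)` is executed) next to one that treats the value as data and caps its length, which also covers the oversized-title case he wonders about. The cddb lines are constructed, the injected payload is an inert `printf`, and `MAX_TITLE_LEN` is an assumed limit.

```shell
#!/bin/sh
# Constructed cddb-style response lines (not real cddb output). Titles 1 and 2
# carry a harmless command substitution; title 3 is deliberately oversized.
LONG_TITLE=$(awk 'BEGIN { for (i = 0; i < 300; i++) printf "x" }')
CDDB_SAMPLE="DTITLE=Some Artist / Some Album
TTITLE0=Quiet Song
TTITLE1=\`printf INJECTED\`
TTITLE2=\$(printf INJECTED)
TTITLE3=$LONG_TITLE"

# Assumed upper bound on a sane title; anything longer is truncated.
MAX_TITLE_LEN=255

# Unsafe pattern (hypothetical, not what abcde did): each KEY=value line is
# handed to eval, so shell metacharacters inside the value are interpreted.
# Here the backticks only run printf; in the case above they ran rm -rf.
unsafe_title() {
    idx="$1"
    printf '%s\n' "$CDDB_SAMPLE" | while IFS= read -r line; do
        case "$line" in
            "TTITLE$idx="*)
                eval "$line"
                eval "printf '%s' \"\$TTITLE$idx\""
                ;;
        esac
    done
}

# Hardened version: the value is split off with parameter expansion and never
# re-parsed by the shell, so backticks and $(...) stay literal text. The length
# cap bounds what an oversized title can do to later processing.
safe_title() {
    idx="$1"
    printf '%s\n' "$CDDB_SAMPLE" | while IFS= read -r line; do
        case "$line" in
            "TTITLE$idx="*)
                value="${line#*=}"
                if [ "${#value}" -gt "$MAX_TITLE_LEN" ]; then
                    value=$(printf '%s' "$value" | cut -c1-"$MAX_TITLE_LEN")
                fi
                printf '%s' "$value"
                ;;
        esac
    done
}

# Using the title as a filename: it is still data, so '/' is mapped away and
# the name is passed as a single quoted argument rather than re-evaluated.
safe_filename() {
    title=$(safe_title "$1")
    printf '%s.ogg' "$(printf '%s' "$title" | tr '/' '_')"
}
```

Run it with `sh` and compare `unsafe_title 1` (prints `INJECTED`, i.e. the substitution ran) against `safe_title 1` (prints the backticks verbatim). The key design point is that the hardened parser never lets the shell see the value as code; quoting at the point of use, as in `safe_filename`, keeps it that way downstream.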