> a firewall has an icicle's chance in hell of adequately
> mimicking a system it is supposed to protect if it does so purely on
> the assumption that the code it is protecting works "correctly" by
> the firewall developer's interpretation of "correct".

Or, for that matter, by the official protocol spec's notion of "correct". And there, of course, is the rub! There's always some obscure syntax that, as far as the firewall developer knows or the specs say, has no interesting semantics at all, but that in fact some client or intervening server in the protected system interprets to mean "broadcast your password file to the universe" or "interpret the following bytes as a Perl script" or "set fire to the CPU".

This also makes it hard to block JavaScript in your proxy, remove HTML markup from comments entered into your guestbook, or compose secure SQL queries based partially on user input. Kinda draws together a bunch of themes we've seen here lately! *8)

Solutions? Maybe if all protocols for reading semantics from datastreams were specified in terms of completely automatable formal descriptions, and any manufacturer caught including semantics not described by the relevant published formal spec was declared a pariah... Not in this universe, I suspect! But we can try to slog along in that direction.

Other solutions?

DC
http://www.research.ibm.com/people/c/chess/
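The guestbook and SQL cases above, as an added example that is not part of the original post: a hypothetical "firewall" tag-stripper is checked against a lenient client-side parser to expose where their notions of "markup" diverge, next to the two fixes that need no guessing about downstream semantics (output encoding for the HTML context, parameterised queries for the database). All function names and the sample inputs are constructed for this example.

```python
import html
import re
import sqlite3
from html.parser import HTMLParser

# Hypothetical "firewall" sanitizer: it encodes the developer's guess at
# which byte sequences the protected client will treat as a tag.
TAG_RE = re.compile(r"<[^<>]*>")

def naive_strip_tags(text: str) -> str:
    return TAG_RE.sub("", text)

class TagCollector(HTMLParser):
    """Stand-in for the protected client: a lenient, real HTML parser."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_seen_by_client(text: str) -> list:
    parser = TagCollector()
    parser.feed(text)
    parser.close()
    return parser.tags

def differential_check(sanitizer, sample: str) -> list:
    """Tags the client would still act on after the sanitizer ran.
    A non-empty result means the firewall's idea of 'no markup left'
    and the client's idea disagree; that gap is the problem the post
    describes, and this check is how to detect it in testing."""
    return tags_seen_by_client(sanitizer(sample))

def escape_for_html(text: str) -> str:
    # Context-specific encoding: every '<', '>', '&', quote becomes an
    # entity, so nothing the user typed can be parsed as markup.
    return html.escape(text, quote=True)

def sample_db() -> sqlite3.Connection:
    # Constructed in-memory guestbook table for the SQL case.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?)",
                     [("alice", "hi"), ("bob", "yo")])
    return conn

def guestbook_lookup(conn: sqlite3.Connection, author: str) -> list:
    # Bound parameter: the database engine never parses 'author' as SQL,
    # so no filter has to predict which characters it finds "interesting".
    return conn.execute("SELECT body FROM comments WHERE author = ?",
                        (author,)).fetchall()
```

Run `differential_check` over a corpus of odd-but-legal inputs against the real client parser you ship to; the stripper fails on nested tags because removing the inner tag reassembles an outer one, while the encoded form leaves the client nothing to act on.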
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:08 PDT