Date: Sat, 12 Aug 2000 14:48:23 +0200
From: Martin Cracauer <cracauer@cons.org>
To: Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc: Kris Kennaway <kris@FreeBSD.ORG>, audit@FreeBSD.ORG
Subject: Re: Fuzz testing
Message-ID: <20000812144822.A3193@cons.org>
In-Reply-To: <Pine.BSF.4.21.0008120128150.2231-100000@green.dyndns.org>; from green@FreeBSD.ORG on Sat, Aug 12, 2000 at 01:32:38AM -0400
References: <Pine.BSF.4.21.0007310408460.633-100000@freefall.freebsd.org> <Pine.BSF.4.21.0008120128150.2231-100000@green.dyndns.org>
In <Pine.BSF.4.21.0008120128150.2231-100000@green.dyndns.org>, Brian Fundakowski Feldman wrote:
> On Mon, 31 Jul 2000, Kris Kennaway wrote:
>
> > For example:
> >
> > a2p.core as.core csh.core flex++.core flex.core sh.core
>
> I've been tracking down sh.core, because I consider this very
> important. The shells _must_ be secure, and "crashing" bugs certainly
> don't make them seem so. In the sh(1) case, it crashes on input of
> control characters. This wouldn't be a problem normally, because
> there is tons of code in sh(1) that is made to support escaping all
> evil control characters in the input.
>
> However, Martin Cracauer seems to think making it 8-bit clean is done
> by not escaping the control characters :-( I have no idea how you
> would believe that control characters are "okay" to leave unescaped
> "just because" they're used by a character set, and indeed that should
> be all the more reason to make sure they're properly escaped.

This is FUD, <insert some strong term to name you here>. I said it is
preferable to change the whole stuff to 16 bits per char (different
space for chars and control things) over just escaping chars in the
same space. Never did I neglect the problem.

16-bits/different space is certainly more secure since you are robust
against coding errors in all the zillion places you would need to take
escaped chars into account. Just never have a control thing where you
would expect a char (in the lower 8 bits of the 16).

> This needs a hell of a lot of reversion to fix. Yes, I think this
> probably has security implications :-(

The complex sh rules make it almost impossible to make sh scripts
secure, no matter how good the implementation is. Anyone who executes
possibly unfriendly sh scripts under a to-be-protected userid is just
insane.

Again, I certainly will make sh 8-bit clean unless someone pisses me
off too badly.
Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org> http://www.cons.org/cracauer/
BSD User Group Hamburg, Germany     http://www.bsdhh.org/
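The two representations argued over in this thread, side by side, as an added illustration that is not code from the thread or from FreeBSD's sh: an in-band scheme where a control marker is a byte in the same space as characters (the marker value 0x81 is chosen here for illustration), and an out-of-band scheme where each token is 16 bits with the character in the low 8 bits. The in-band consumer misreads an 8-bit character whenever one entry point forgets to escape it; the 16-bit layout has nothing to forget.

```c
#include <stddef.h>
#include <stdint.h>

/* In-band scheme: control markers share the byte space with characters.
 * The marker value is constructed for this example, not taken from any shell. */
#define CTLESC 0x81  /* "the next byte is a literal character" */

/* Writer side: escape any input byte that collides with the marker.
 * Every path that feeds bytes into the parser must call this; a path that
 * does not will have its 8-bit characters read as control markers. */
size_t inband_escape(const unsigned char *in, size_t n, unsigned char *out) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == CTLESC) out[o++] = CTLESC;  /* prefix colliding byte */
        out[o++] = in[i];
    }
    return o;
}

/* Consumer side: count literal characters, honouring the escape marker. */
size_t inband_literal_count(const unsigned char *s, size_t n) {
    size_t lit = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == CTLESC) {
            if (++i >= n) break;  /* trailing marker with nothing after it */
        }
        lit++;
    }
    return lit;
}

/* Out-of-band scheme: 16-bit tokens, character in the low 8 bits, control
 * flags in the high bits.  No input byte can ever equal a flag, so there is
 * no escaping step and no entry point that can omit it. */
#define TOK_CTL 0x0100u

size_t widen(const unsigned char *in, size_t n, uint16_t *out) {
    for (size_t i = 0; i < n; i++) out[i] = in[i];  /* every byte is a char */
    return n;
}

size_t wide_literal_count(const uint16_t *t, size_t n) {
    size_t lit = 0;
    for (size_t i = 0; i < n; i++)
        if (!(t[i] & TOK_CTL)) lit++;
    return lit;
}
```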