Re: Preventing Denial of Service Attack In IPC Serialization
On Jun 1, 12:37 pm, Nominal Pro <majorsc...@gmail.com> wrote:
> If it's insecure, then that's your answer: it's insecure. That means
> injection attacks are possible, whether it's an attempt to force your
> deserialization code to malloc too much, or something more subtle,
> like bogus objects. Per-thread quotas on allocated pages is just an
> attempt to move your heuristic sanity checks down into the OS. Those
> sanity checks are not a substitute for validating your source and
> preventing injection attacks. Use SSL tunneling or something similar.

Nice response, and I agree.

This leads us to a simple conclusion, one I was somewhat sure of when I
wrote the OP, but now I am certain of: one cannot have his cake and
eat it. Generalized serialization frameworks, the kind that many C++
programmers write, fail in the face of insecure IPC channels.

Being a researcher in computer networking, this is very troubling to
me. It means that the most wonderful feature of serialization,
obviation of microscopic attention to marshalling of data across the
channel, fails completely. On an insecure channel, every single
element must be range-checked, etc.

This means that if one wants to avoid DoS attacks, either through over
memory allocation or simply causing the server to choke on bad data,
one really should not use serialization at all over an insecure
channel.

-Le Chaud Lapin-
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
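
Added example, not part of the original thread: the per-element range checking discussed above, for a length-prefixed list of strings, where every declared size is checked against a policy limit and against the bytes actually received before any allocation. The wire format, the limits and the names (BoundedReader, decode_string_list) are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Assumed wire format (constructed for this example): u32 LE element count,
// then per element a u32 LE length followed by that many bytes.
constexpr std::uint32_t kMaxElements = 1024;   // assumed policy limit
constexpr std::uint32_t kMaxStringLen = 4096;  // assumed policy limit

struct BoundedReader {
    const std::uint8_t* p;
    std::size_t left;

    bool u32(std::uint32_t& v) {
        if (left < 4) return false;
        v = std::uint32_t(p[0]) | std::uint32_t(p[1]) << 8 |
            std::uint32_t(p[2]) << 16 | std::uint32_t(p[3]) << 24;
        p += 4; left -= 4;
        return true;
    }
    bool str(std::string& s) {
        std::uint32_t n;
        // Reject before allocating: over policy, or more than the bytes present.
        if (!u32(n) || n > kMaxStringLen || n > left) return false;
        s.assign(reinterpret_cast<const char*>(p), n);
        p += n; left -= n;
        return true;
    }
};

bool decode_string_list(const std::vector<std::uint8_t>& msg, std::vector<std::string>& out) {
    BoundedReader r{msg.data(), msg.size()};
    std::uint32_t count;
    // Every element costs at least 4 bytes, so a count above left/4 cannot be honest.
    if (!r.u32(count) || count > kMaxElements || count > r.left / 4) return false;
    out.clear();
    out.reserve(count);  // bounded by both checks above
    for (std::uint32_t i = 0; i < count; ++i) {
        std::string s;
        if (!r.str(s)) return false;
        out.push_back(s);
    }
    return r.left == 0;  // trailing bytes mean a malformed message
}

int main() {
    // Constructed sample: count = 0xFFFFFFFF with no payload behind it.
    std::vector<std::uint8_t> hostile = {0xFF, 0xFF, 0xFF, 0xFF};
    std::vector<std::string> out;
    std::cout << (decode_string_list(hostile, out) ? "accepted" : "rejected") << "\n";
}
```

Tying each declared size to the bytes already received bounds allocation by message size, so a separate cap on message size at the transport layer bounds total memory per request.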