Re: Preventing Denial of Service Attack In IPC Serialization
On Jun 12, 1:50 am, kouznetsov.vladi...@gmail.com wrote:
Le Chaud Lapin wrote:
No matter what is done with a packet, it is conceivable to serialize a
You keep saying that everything is fine with authenticated good
clients and bad with non-authenticated malicious ones. Why do you
think that control of scarce resources is only applicable when you
need protection from attacks? What if your good authenticated users
consume resources extensively? Say, one good user serializes a map of
maps of strings with a total size of 2GB, then your second good user
won't be able to allocate a significantly smaller amount of data. Your
first good client may be greedy or just may require serialization of
extra data by mistake.
As I just pointed out in another post, I make a distinction between
a human being and the software that the human being wrote. In that
case, there are several situations where the problem I mentioned
in the OP does not exist:
1. There is bi-directional certainty of authenticity of client and
server.
2. The same serialization code is used at both ends of client/server
pipe, either because that code came from the same library (codebase),
or because the client programmer and the server programmer were both
meticulous in getting the protocol right.
If these two conditions are true, then there is nothing to worry
about. The "user" at the client end is not going to do anything. He
might be on a beach in Tahiti. If the "software" that he wrote has
been engineered correctly, then his software is not going to cause
trouble either. If it has not been engineered correctly, then there
might be much trouble, as would be, say, if he places a device driver
in the hands of millions of users that blue-screens under a peculiar
(but common) set of circumstances.
However, the situation can occur if the programmer at the client end
does not use the actual bit-for-bit copy of code as the programmer at
the server end. There would be a potential for mismatch. In that
case, there would still be security, still be good intention, but DoS
would still occur. This was a problem I had intended to mention after
we all agreed that the un-secure pipe was a real issue.
However, because this last problem can occur does not necessarily mean
that the secure-pipe, well-engineered-code model is illegitimate.
-Le Chaud Lapin-
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]
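
Added example (not code from the thread or its participants): a decoder for a map of strings that checks every length field against the bytes actually received and against a per-message budget before allocating, so a peer running mismatched serialization code, or one that sends far more than intended, is rejected instead of exhausting memory. The wire format, all names, and the budget values are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

typedef std::vector<std::uint8_t> Bytes;
typedef std::map<std::string, std::string> StrMap;
// Assumed wire format: u32 pair count, then for each pair a key and a value,
// each sent as u32 length + raw bytes. Integers are big-endian.
struct Reader {
    const Bytes& buf;
    std::size_t pos;
    std::size_t budget;  // payload bytes this one message may make us allocate
    bool u32(std::uint32_t& out) {
        if (buf.size() - pos < 4) return false;  // truncated input
        out = 0;
        for (int i = 0; i < 4; ++i) out = (out << 8) | buf[pos++];
        return true;
    }
    bool str(std::string& out) {
        std::uint32_t len;
        if (!u32(len)) return false;
        // Check the declared length before allocating anything for it.
        if (len > buf.size() - pos || len > budget) return false;
        budget -= len;
        out.assign(reinterpret_cast<const char*>(buf.data() + pos), len);
        pos += len;
        return true;
    }
};

// False on truncation, an overlong length field, trailing bytes, or spent budget.
bool decode_map(const Bytes& buf, std::size_t budget, StrMap& out) {
    Reader r = {buf, 0, budget};
    std::uint32_t count;
    if (!r.u32(count)) return false;
    for (std::uint32_t i = 0; i < count; ++i) {
        std::string k, v;
        if (!r.str(k) || !r.str(v)) return false;
        out[k] = v;
    }
    return r.pos == buf.size();
}
// Constructed samples: {"a": "bc"}, and a length field claiming ~4 GiB.
Bytes sample_ok()  { return Bytes{0,0,0,1, 0,0,0,1,'a', 0,0,0,2,'b','c'}; }
Bytes sample_bad() { return Bytes{0,0,0,1, 0xFF,0xFF,0xFF,0xFF,'a'}; }
bool accepts(const Bytes& b, std::size_t budget) { StrMap m; return decode_map(b, budget, m); }
int main() { return accepts(sample_ok(), 64) && !accepts(sample_bad(), 64) ? 0 : 1; }
```

The budget here counts string payload bytes only; container overhead per entry is not included, so a real limit would be set with that margin in mind.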