[cl-store-devel] On the security of cl-store

Nikolaus Demmel demmeln at in.tum.de
Mon Mar 8 09:07:02 UTC 2010


On 08.03.2010 at 00:06, Sean Ross wrote:

> On 7 Mar 2010, at 19:20, Alex Mizrahi wrote:
> 
> Quite right. As always, accepting input from untrusted sources is always going to open yourself
> to a number of potential security issues. The most cl-store will do is try not to
> execute arbitrary code. DOS attacks are part and parcel of accepting requests
> from all and sundry and is only recommended if absolutely necessary.
> 
>> 
>> Finally, one can DoS server by putting it into an infinite loop. This can be 
>> achieved by sending a cyclical data structure where server code expects 
>> simple one. Then iteration or recursive traversal will either hang in 
>> indefinite loop or cause a stack overflow. 
> 
> This shouldn't be possible in cl-store as all cyclic data structures are detected
> and serialized/deserialized correctly (custom serialization/deserializations notwithstanding)

I guess what Alex is referring to is the possibility that an attacker sends a packet with a cyclic list/data-structure in a place where the server code expects a simple one. If the server code doesn't check for cyclic data-structures and simply traverses them, it might loop forever. Here the problem is precisely the fact that cl-store does recover cycles correctly, so a solution might be to either disable that, or make sure the server doesn't choke on cycles in any possible places.

Regards,
Niko
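The check Niko describes, as an added example that is not part of this thread or of cl-store's own code: a server that deserializes with cl-store gets cycles back intact, so if its application code expects a plain tree it has to verify that itself before walking the data. The function ACYCLIC-P below is an assumed name; it walks a cons structure, tracks only the conses on the current descent path (so legitimately shared substructure, a DAG, still passes), rejects both CDR cycles and CAR cycles, iterates along CDR chains so a long list cannot exhaust the stack, and also bounds the total number of conses so an oversized payload is refused early. The standard LIST-LENGTH returns NIL for a CDR-circular list and is a cheaper check when only proper lists are expected, but it does not see cycles through CAR.

```lisp
;; Added example, not cl-store code.  ACYCLIC-P and DEMO are assumed names.

(defun acyclic-p (object &key (max-nodes 100000))
  "Return T (and the number of conses visited) if OBJECT is a finite cons
structure.  Return NIL and a keyword (:CYCLE or :TOO-LARGE) otherwise.
Shared substructure without a cycle is accepted; non-cons leaves are not walked."
  (let ((on-path (make-hash-table :test #'eq))   ; conses on the current descent path
        (seen 0))
    (labels ((walk (node)
               (let ((chain '()))
                 ;; Iterate along the CDR chain so a long list does not exhaust
                 ;; the stack; recurse only into CARs.
                 (loop while (consp node)
                       do (when (gethash node on-path)
                            (return-from acyclic-p (values nil :cycle)))
                          (when (> (incf seen) max-nodes)
                            (return-from acyclic-p (values nil :too-large)))
                          (setf (gethash node on-path) t)
                          (push node chain)
                          (walk (car node))
                          (setf node (cdr node)))
                 ;; Leaving this chain: its conses may be shared elsewhere (a DAG),
                 ;; so only conses on the path currently being descended count.
                 (dolist (c chain) (remhash c on-path)))))
      (walk object)
      (values t seen))))

(defun demo ()
  "Constructed inputs: a plain tree, a DAG, a CDR cycle, a CAR cycle, an oversized list."
  (let* ((plain (list 1 2 (list 3 4)))
         (shared (list 'a 'b))
         (dag (list shared shared))                ; same sublist twice, no cycle
         (cdr-cycle (list 1 2 3))
         (car-cycle (list 1 2 3))
         (big (make-list 50 :initial-element 0)))
    (setf (cdr (last cdr-cycle)) cdr-cycle)       ; #1=(1 2 3 . #1#)
    (setf (car (cdr car-cycle)) car-cycle)        ; #1=(1 #1# 3)
    (list (multiple-value-list (acyclic-p plain))                ; => (T 4)
          (multiple-value-list (acyclic-p dag))                  ; => (T 6)
          (multiple-value-list (acyclic-p cdr-cycle))            ; => (NIL :CYCLE)
          (multiple-value-list (acyclic-p car-cycle))            ; => (NIL :CYCLE)
          (multiple-value-list (acyclic-p big :max-nodes 10))))) ; => (NIL :TOO-LARGE)

;; Assumed call site in a server: validate right after deserializing and
;; before any application code traverses the result.
;;   (let ((data (cl-store:restore stream)))
;;     (unless (acyclic-p data)
;;       (error "rejecting request: cyclic or oversized structure")))
```

Rejecting the structure at the trust boundary is safer than disabling cycle recovery in cl-store: with recovery disabled a malicious reference would still have to be handled somehow, whereas a single check after RESTORE lets every traversal downstream keep assuming finite input.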