[cap-talk] Selling capabilities programming
James A. Donald
jamesd at echeque.com
Thu Jul 26 01:44:15 EDT 2007
James A. Donald wrote:
> > If two programs are permitted to communicate, the
> > security properties are the same as if they can
> > transfer capabilities unobserved and undetectably.
David Hopwood wrote:
> You are mistaken. For example, consider the case where
> the communication is by a one-way data-only channel.
> (One-way implies no acknowledgements.)
Commonly, when a web server comes under attack, a bad
message is sent to the web server that causes it to
execute script contained in the message at a higher
level of privilege than it deserves. Often the bad
message is sent from a zombie machine, whose master has
no interest in the response.
One such attack had the language parameter in the http
request set to a string about fifty thousand
kilocharacters long. The request was internally
reflected from one internal corporate server to the
other, causing the string to be interpreted as script
originating from within the corporation. Needless to
say, no response to this http request was expected or
sent.
More information about the cap-talk
mailing list