[e-lang] A broken brand?
Tyler Close
tyler.close at gmail.com
Sun Mar 2 12:17:28 EST 2008
On Sat, Mar 1, 2008 at 11:38 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> Does this attack look correct to you? Is it well-known?
Yes and I don't know.
> P.S. How did I find the attack? I used trust analysis (aka taint
> analysis). For each security perimeter (e.g., each function), you treat
> the data flowing across that security perimeter (e.g., the arguments to
> that function) as untrusted. All of the fields/properties of an untrusted
> object are themselves untrusted. Invoking an untrusted object gives the
> attacker a chance to run code; the return value from such an invocation
> is itself untrusted.
If I understand this methodology correctly, then wouldn't it still
flag this code as suspicious even after your proposed fix is applied?
--Tyler