[e-lang] A broken brand?
tyler.close at gmail.com
Sun Mar 2 12:17:28 EST 2008
On Sat, Mar 1, 2008 at 11:38 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> Does this attack look correct to you? Is it well-known?
Yes and I don't know.
> P.S. How did I find the attack? I used trust analysis (aka taint
> analysis). For each security perimeter (e.g., each function), you treat
> the data flowing across that security parameter (e.g., the arguments to
> that function) as untrusted. All of the fields/properties of an untrusted
> object are themselves untrusted. Invoking an untrusted object gives the
> attacker a chance to run code; the return value from such an invocation
> is itself untrusted.
If I understand this methodology correctly, then wouldn't it still
flag this code as suspicious even after your proposed fix is applied?
More information about the e-lang