KHB: Failure-oblivious computing
Posted Jun 29, 2006 11:03 UTC (Thu) by walterh (guest, #19113)
Parent article: KHB: Failure-oblivious computing
This seems to me to be a very dangerous idea. After all, we are talking about security-critical applications here. The poster before me has already mentioned that papering over bugs will remove the incentive for the developers to fix them. But the problem is actually much more severe: Who says that, say, clipping a buffer that is being overrun by an attacker is a safe choice? This could just as well open new and hard-to-discover security holes.
Only to make an example, consider ACLs: Take a buffer that is supposed to contain a list of users who are to be denied access to a resource. If the buffer overflows and the program is terminated, then not much harm is done. If the buffer overflows and is clipped, then some people can access the resource that shouldn't.
Or, take the example mentioned in the article, pine: If I sent you a virus-infected attachment with filename
loooooooooooooooooo...ooongname.txt.exe
which will overflow the (hypothetical) built-in virus scanner in pine, so that it only sees the name
loooooooooooooooooo...ooongname.txt
then the file may go through unscanned. If the save-to-disk routine in pine uses a different buffer length, then the recipient could still save this as an executable.
Walter
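
The ACL case from the comment above, as an added example that is not part of the original comment or of any failure-oblivious implementation: a fixed-size deny list is loaded once with out-of-bounds writes silently discarded, and once with the overflow recorded so the access check fails closed. All names, the capacity and the user list are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DENY_CAP 3   /* constructed: deliberately smaller than the input */

struct deny_list {
    const char *names[DENY_CAP];
    size_t count;
    int truncated;   /* set when the input did not fit */
};

/* Failure-oblivious style: writes past the end are dropped without error. */
void load_clipping(struct deny_list *dl, const char *const *src, size_t n) {
    memset(dl, 0, sizeof *dl);
    for (size_t i = 0; i < n; i++)
        if (dl->count < DENY_CAP)
            dl->names[dl->count++] = src[i];
}

/* Fail-closed style: same bounds check, but the overflow is remembered. */
void load_strict(struct deny_list *dl, const char *const *src, size_t n) {
    load_clipping(dl, src, n);
    dl->truncated = n > DENY_CAP;
}

/* Returns 1 if access is allowed, 0 if denied. */
int access_allowed(const struct deny_list *dl, const char *user) {
    if (dl->truncated)
        return 0;    /* incomplete list: deny everyone rather than guess */
    for (size_t i = 0; i < dl->count; i++)
        if (strcmp(dl->names[i], user) == 0)
            return 0;
    return 1;
}

/* Constructed sample: four denied users, one more than DENY_CAP. */
static const char *const DENIED[] = { "alice", "bob", "carol", "mallory" };

/* Loads the sample list in the chosen mode and decides for `user`. */
int decide(int strict, const char *user) {
    struct deny_list dl;
    (strict ? load_strict : load_clipping)(&dl, DENIED, 4);
    return access_allowed(&dl, user);
}

int main(void) {
    printf("clipping: mallory allowed=%d\n", decide(0, "mallory"));
    printf("strict:   mallory allowed=%d\n", decide(1, "mallory"));
    return 0;
}
```

With clipping, the fourth entry never reaches the list, so the check for that user passes without any error being raised; the strict variant denies all access instead, which corresponds to the "program is terminated" outcome in the comment.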