Defensive programming

Robin Becker robin at jessikat.fsnet.co.uk
Sun Jun 1 17:18:19 CEST 2003


In article <mailman.1054463105.27128.python-list at python.org>, Jack
Diederich <jack at performancedrivers.com> writes
>On Sun, Jun 01, 2003 at 10:53:10AM +0100, Robin Becker wrote:
>> This recently slashdotted paper
>> 
>> http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003/index.html
>> 
>> suggests that many common algorithms (including perl hashing) are open to low 
>input
>> DoS attack.
>> 
>> I know that the Timbot and other python 'bots are pretty smart, but are there 
>python
>> algorithms that suffer the same vulnerabilities?
>> 
>
>The author brought this up on python-dev and the 'bots did indeed
>disect the arguments.  The verdict was that it is interesting but not a
>problem (or at least a solvable problem) in practice.  Specific problems are 
>best solved at specific layers, and DoS attacks that eat CPU are best solved
>at the operating system level.
>
>
Having read the python-dev discussion it seems the bots are unwilling to
change the hash function at least for now unless it's at least as fast. 

I guess most would like these sorts of problems to just 'go away', but
of course they won't. I seem to recall there are efforts to change the
way OS data memory is allocated to avoid stack attacks etc so these
things are being taken more seriously at that layer.

I think the danger of this kind of attack is that it comes from the
simplest usage. Just using DICT[k] = v somewhere in a script might
create an opening if k comes somehow from user input.

After reading python dev I know at least not to give an eval opening to
10**10**10 (pretty well any kind of eval is open to abuse though) and
allowing someone to create their own regex is at least as dangerous.
-- 
Robin Becker




More information about the Python-list mailing list