[Info-vax] A DCL wish list of sorts...
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Mar 22 12:16:26 EDT 2019
On 2019-03-22 14:26:17 +0000, pcanagnostopoulos at gmail.com said:
> But I don't understand the descriptions. They talk about a malformed
> command table. How is such a thing created? By a user-defined command
> that exploits a compiler bug?
Correct. Parsers are notorious for security vulnerabilities. This is
given that many parsers are routinely processing what should be entirely
untrusted input. In the DCL case, the flaw Simon found permitted a
local privilege escalation to system compromise.
Parsers with privileges and kernel-mode parsers (such as the
kernel-mode ASN.1 parsers that can be involved with network security)
are particularly popular targets for fuzzing and for related
shenanigans.
Non-privileged and non-escalating flaws in some components can have
serious security implications. Flaws in a DNS server, for instance.
And DNS servers parse untrusted data.
Isolating the parser is a technique for increasing the difficulty of
exploitation. Same for isolating apps in general, beyond what can be
provided with techniques using ACLs and discretionary access controls.
Here's a recent writeup on one approach:
https://security.googleblog.com/2019/03/open-sourcing-sandboxed-api.html
--
Pure Personal Opinion | HoffmanLabs LLC
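As an added illustration of the parser-isolation point in the reply above (this is example code, not from the post, from DCL, or from the Sandboxed API project), the following Python runs a toy command-table parser in a forked child with a lowered address-space limit and a wall-clock deadline, so a crash or runaway in the parser takes down only the child and the caller only ever receives a plain result tuple. The 'VERB /QUAL' table format, the limits and all function names are constructed for the example.

```python
import multiprocessing
import resource

CHILD_MEMORY = 1024 * 1024 * 1024  # address-space cap for the parser child
CHILD_TIMEOUT = 2.0                # wall-clock seconds the parent will wait

def parse_command_table(text):
    # Toy parser for a constructed 'VERB /QUAL ...' format (not real DCL):
    # one verb per line, '!' starts a comment, qualifiers are '/NAME' tokens.
    table = {}
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("!"):
            continue
        verb, *quals = line.split()
        for qual in quals:
            if not (qual.startswith("/") and qual[1:].isalpha()):
                raise ValueError(f"line {lineno}: bad qualifier {qual!r}")
        table[verb.upper()] = [q.upper() for q in quals]
    return table

def _sandboxed_child(conn, text):
    # Child side: cap memory before touching input, and return errors as data.
    try:
        _soft, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = CHILD_MEMORY if hard == resource.RLIM_INFINITY else min(CHILD_MEMORY, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))
        conn.send(("ok", parse_command_table(text)))
    except Exception as exc:          # a parser bug blows up here, not the caller
        conn.send(("error", f"{type(exc).__name__}: {exc}"))
    finally:
        conn.close()

def parse_isolated(text):
    # Parse in a forked child; returns ('ok', table) or ('error', reason).
    ctx = multiprocessing.get_context("fork")
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    child = ctx.Process(target=_sandboxed_child, args=(child_conn, text))
    child.start()
    child_conn.close()                # parent keeps only the read end
    result = ("error", "parser child died or timed out")
    try:
        if parent_conn.poll(CHILD_TIMEOUT):
            result = parent_conn.recv()
    except EOFError:                  # child died before sending a result
        pass
    child.join(CHILD_TIMEOUT)
    if child.is_alive():
        child.kill()                  # stuck parser: reap it, the parent survives
        child.join()
    return result
```

A real deployment would add a syscall filter and drop privileges in the child as well; the resource cap and process boundary shown here are only the first layer.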