tustvold commented on code in PR #49761:
URL: https://github.com/apache/arrow/pull/49761#discussion_r3087975701


##########
docs/source/format/Security.rst:
##########
@@ -51,6 +51,34 @@ You should read this document if you belong to either of 
these two categories:
    documented on https://arrow.apache.org.
 
 
+.. _bugs_vs_security:
+
+Bugs vs. Security Vulnerabilities
+=================================
+
+Arrow aims for robustness when processing untrusted data, but it is important 
to
+distinguish functional bugs from security vulnerabilities.
+
+Unexpected behavior (e.g., crashes or infinite loops) triggered by malformed
+input is generally considered a **bug**, not a security vulnerability, unless 
it
+is **exploitable**. An issue is exploitable if an attacker can:
+
+* Execute arbitrary code (RCE);
+* Exfiltrate sensitive information from process memory (Information 
Disclosure);
+* Cause a sustained Denial of Service (DoS) affecting the broader system.
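Review bot: the three criteria leave the boundary between a "bug" and a "vulnerability" undefined for the most common case, because the paragraph classifies crashes and infinite loops from malformed input as bugs while the last bullet makes "a sustained Denial of Service (DoS) affecting the broader system" exploitable, and nothing in the hunk says what "sustained" or "the broader system" mean. Suggest stating the distinguishing test explicitly, for example that a crash or hang confined to the process that chose to parse the malformed input, and that ends when that process is restarted, is a bug, whereas a crash or hang that an attacker can trigger without the operator's cooperation or that persists across a restart (leaked resources, corrupted on-disk state) falls under the DoS bullet. It would also help to say whether the classification depends on where the input arrives from (a library call on data the application already chose to open versus a network-facing service such as Flight), since the same crash reads very differently in those two settings.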

Review Comment:
   Here we define DoS as an exploitable issue, but then say that process crashes are not exploitable?
   
   I think what gets tricky is technically any arrow API could be exposed by a client application, and therefore in theory could be exploitable in that application's context.
   
   I wonder if we need to distinguish between network APIs, e.g. arrow flight, and internal APIs?
