On Friday, November 14, 2014 at 7:39 AM, travis+ml-lang...@subspacefield.org 
wrote:

> Also, a few random thoughts on parsers, bugs, and security... I'm
> afraid this is based on 15+ year old information, but here goes:
> 
> Perl had a taint system built in until PERL 4 at least. We need a
> system like type system for plangs but for source, category, and sink
> access control, so my web parameters don't get sent to system(3) by
> mistake. I think I wrote about this a while back, and if not, I can
> dig up the email where I did (to another list).
> 
> 

I've thought about this for a bit -- blacklisting, whitelisting, and taints -- 
and I think the best way to enforce a taint is to say that all raw types are 
tainted.  If you have a String, an Int or an array of bytes, all you can say is 
that you received some input.  Until you recognize it as an actual domain 
object -- Email, Amount, or Image -- it's insecure by default because it hasn't 
been recognized.  Most of the time this will be a value object, which (if 
you're using a decent language) you can implement with a value class that only 
enforces types at compile time, meaning that you don't need to instantiate a 
wrapper object at run time for it.

Needless to say, any methods you write should not take ints, Strings or byte 
arrays in as input, only the domain objects.  You can't create a domain object 
without recognizing it first.  And if you're doing any string comparison or 
regex matching, you do that in a method on the domain object.

Will.
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
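
The approach described in the message above, sketched as an added example (not code from the thread or from either poster). It uses a Rust newtype in place of the "value class" the message mentions. The names `Email`, `Rejected`, `recognize`, `is_at` and `mailer_argv`, and the deliberately narrow address grammar, are assumptions made for illustration.

```rust
// Added illustration; all names are hypothetical. A raw &str counts as tainted input.
mod domain {
    /// Zero-cost newtype: the field is private, so code outside this module
    /// can obtain an Email only through `recognize`.
    #[derive(Debug, Clone, PartialEq, Eq)]
    pub struct Email(String);
    #[derive(Debug, PartialEq, Eq)]
    pub enum Rejected { Empty, TooLong, BadShape, BadChar(char) }

    impl Email {
        /// Recognizer for a narrow, constructed grammar (not RFC 5322):
        /// local@label.label, ASCII alphanumerics plus "._-+" only.
        pub fn recognize(raw: &str) -> Result<Email, Rejected> {
            if raw.is_empty() { return Err(Rejected::Empty); }
            if raw.len() > 254 { return Err(Rejected::TooLong); }
            if let Some(c) = raw.chars().find(|c| !(c.is_ascii_alphanumeric() || "@._-+".contains(*c))) {
                return Err(Rejected::BadChar(c));
            }
            let (local, host) = raw.split_once('@').ok_or(Rejected::BadShape)?;
            let labels_ok = host.contains('.') && host.split('.').all(|l| !l.is_empty() && !l.starts_with('-'));
            if local.is_empty() || host.contains('@') || host.contains('+') || !labels_ok {
                return Err(Rejected::BadShape);
            }
            Ok(Email(raw.to_ascii_lowercase()))
        }

        /// String comparison lives on the domain object, not on raw strings.
        pub fn is_at(&self, domain: &str) -> bool {
            self.0.rsplit_once('@').map_or(false, |(_, h)| h == domain.to_ascii_lowercase())
        }
        pub fn as_str(&self) -> &str { &self.0 }
    }
}
use domain::Email;

/// Sink: accepts only the domain type, so passing a raw &str is a compile error.
/// Returns the argv it would hand to a (hypothetical) mailer; nothing is executed.
fn mailer_argv(to: &Email) -> Vec<String> {
    vec!["mailer".into(), "--".into(), to.as_str().to_string()]
}

fn main() {
    // Constructed sample inputs.
    for raw in ["Will@Example.org", "a@b.org;ls", "no-at-sign"] {
        match Email::recognize(raw) {
            Ok(e) => println!("{:?} -> {:?}", raw, mailer_argv(&e)),
            Err(r) => println!("{:?} rejected: {:?}", raw, r),
        }
    }
}
```

Calling `mailer_argv("a@b.org;ls")` with a raw string does not compile, and `domain::Email("x".into())` fails outside the module because the field is private, so the recognizer is the only path to the sink.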