Date sent: Wed, 14 Aug 2002 13:51:43 +0100
From: Ben Laurie <[EMAIL PROTECTED]>
To: Arne Ansper <[EMAIL PROTECTED]>
Copies to: [EMAIL PROTECTED],
Bodo Moeller <[EMAIL PROTECTED]>
Subject: Re: cvs commit: openssl/util mkerr.pl
Send reply to: [EMAIL PROTECTED]
This is really amazing. A security library that can get corrupted
and the developers don't have a clue on how to fix it properly. If a
library cannot detect a problem and report that problem to the
calling application, for proper handling, then perhaps that library
should be put into quarantine until a valid rational plan to fix the
library has been formulated.
Ken
Arne Ansper wrote:
>
>> Example: when working through the internal session cache we learn that
>> the linked list is corrupted, we have dangling pointers and don't know
>> what is going on. This would touch all threads using the same SSL_CTX.
>> Thus: we don't know how to repair it -> abort().
>
>
> To make it more extreme: why stop here? Perhaps the right solution is to
> reboot the machine? What if some standalone application thinks that the
> best solution for _its own_ problems is to reboot the machine? (Happens
> all the time under Windows, btw: you install some crap and the
> installer happily reboots your system.) For me it's no different if some
> library thinks that the best solution for _its own_ problems is to kill
> the application. The application must have control. If an internal
> error (it would be correct to call them bugs, btw) happens, the application
> must get this information and then it's up to the application to deal with
> it. If it's a simple command-line tool it can call abort by itself. If it's a
> complex application it might unload OpenSSL and reload it later. Or
> save its state and restart. Only the application knows what the right thing to
> do is.
The point is that the application is now in an inconsistent state and
cannot reliably know anything. Even returning from a function could
cause an exploit. The only safe thing to do is abort (now I think about
it, probably die() shouldn't even print an error message).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
Available for contract work.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
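The case Lutz describes, a session cache kept as a linked list whose links no longer make sense, is easy to show concretely. The following is an added illustration written for this page; it is not OpenSSL code and not code from anyone in this thread. The cache, the node layout and every function name (`sess_node`, `session_cache_verify`, `cache_fatal`, `demo_cache`) are hypothetical. It checks the list invariants (head/tail terminate, `next->prev == node`, the walk never exceeds the stored count, which catches cycles left by a dangling pointer) before every operation, and on the first violation does what Ben argues for: `abort()` with no message and no further use of the broken structure. The verify routine is separated out so the detection can be exercised without tripping the abort.

```c
/* Added example, not OpenSSL code: a toy session cache as a doubly-linked
 * list with an invariant check. All names here are hypothetical. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct sess_node {
    unsigned char id[4];           /* stand-in for a session id */
    struct sess_node *prev, *next;
} sess_node;

typedef struct {
    sess_node *head, *tail;
    size_t count;
} session_cache;

/* Returns 0 if every link invariant holds, -1 at the first violation.
 * Checks: empty cache has NULL head/tail; head->prev and tail->next are
 * NULL; next->prev points back at the node; the walk cannot visit more
 * nodes than 'count' (a cycle from a dangling pointer would loop forever
 * otherwise); and the last node reached is the recorded tail. */
int session_cache_verify(const session_cache *c)
{
    const sess_node *n;
    size_t seen = 0;

    if (c->count == 0)
        return (c->head == NULL && c->tail == NULL) ? 0 : -1;
    if (c->head == NULL || c->tail == NULL)
        return -1;
    if (c->head->prev != NULL || c->tail->next != NULL)
        return -1;
    for (n = c->head; n != NULL; n = n->next) {
        if (++seen > c->count)
            return -1;                      /* cycle, or count is wrong */
        if (n->next != NULL && n->next->prev != n)
            return -1;                      /* back-pointer mismatch */
        if (n->next == NULL && n != c->tail)
            return -1;                      /* list ends somewhere else */
    }
    return seen == c->count ? 0 : -1;
}

/* Ben's position: once the invariant is broken nothing in the process can
 * be trusted, so stop here, without printing and without touching the
 * list again. */
static void cache_fatal(void)
{
    abort();
}

void session_cache_add(session_cache *c, sess_node *n)
{
    if (session_cache_verify(c) != 0)
        cache_fatal();
    n->prev = c->tail;
    n->next = NULL;
    if (c->tail != NULL)
        c->tail->next = n;
    else
        c->head = n;
    c->tail = n;
    c->count++;
}

sess_node *session_cache_lookup(session_cache *c, const unsigned char id[4])
{
    sess_node *n;
    if (session_cache_verify(c) != 0)
        cache_fatal();
    for (n = c->head; n != NULL; n = n->next)
        if (memcmp(n->id, id, 4) == 0)
            return n;
    return NULL;
}

/* Build a three-entry cache (constructed sample data), then optionally
 * simulate corruption and return what the verifier says:
 *   corrupt == 0: intact list
 *   corrupt == 1: a stale back-pointer, as a use-after-free might leave
 *   corrupt == 2: a cycle through a dangling next pointer */
int demo_cache(int corrupt)
{
    static sess_node nodes[3];
    session_cache c = { NULL, NULL, 0 };
    int i;

    for (i = 0; i < 3; i++) {
        memset(&nodes[i], 0, sizeof nodes[i]);
        nodes[i].id[0] = (unsigned char)i;
        session_cache_add(&c, &nodes[i]);
    }
    if (corrupt == 1)
        nodes[2].prev = &nodes[0];      /* nodes[1]->next->prev != &nodes[1] */
    else if (corrupt == 2)
        nodes[2].next = &nodes[0];      /* walk would never terminate */
    return session_cache_verify(&c);
}
```

Note that `session_cache_verify` only reads the list and stops at the first inconsistency; the walk is bounded by `count`, so even a cyclic list from a dangling `next` pointer cannot hang the checker before it reports. Whether the caller then returns an error code, as Arne wants, or aborts, as Ben wants, is exactly the policy question of the thread; the code above takes Ben's side in `cache_fatal`.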
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                        openssl-[EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com