Searching for a quote

Stephen Satchell list at satchell.net
Fri Mar 13 13:14:09 UTC 2015


On 03/12/2015 10:25 PM, Keith Medcalf wrote:
> Robustness is desirable from a security perspective.  Failure to be
> liberal in what you accept and not being prepared to deal with
> malformed input leads to such wonders as the Microsoft bug that led
> to unexpected/malformed IP datagrams mishandled as "execute payload
> with system authority".  Rather than sloppiness you could also
> attribute the error to malice -- that it was injected at the specific
> request of certain government agencies, perhaps under threat, perhaps
> with just a wink and a nod ...

"Being liberal in what you accept" and "being prepared to deal with
malformed input" are two different concepts.  Back when I was involved
with protocol design on ARPAnet, what I was taught is that one has to be
able to handle *correctly* malformed input, and not yield astonishing
results.

This is not easy, particularly in assembler language.  Blowing buffer
boundaries is just plain crap code.

As for malice, I've never seen that.  Not checking buffer boundaries, in
my experience, is always stupidity or laziness.  This is particular true
when someone threw together a proof of concept quickly, then didn't go
in and harden the code before releasing it to the world.  (Some of that
was born during the "interop" meetings, where groups of coders would
assemble in a conference room and bang implementation together --
because it was done quickly, sometimes it was very sloppy.)


More information about the NANOG mailing list