[Twisted-Python] Potential PB Security Problem (And Solution)

Kevin Turner acapnotic at twistedmatrix.com
Fri Feb 15 21:04:38 MST 2002


On Fri, 2002-02-15 at 19:12, Christopher Armstrong wrote:
> For as long as I remember, that was *never* the point. Haven't you ever
> heard glyph shouting from on high, "Explicit is better than implicit!"?

Funny words for a sect which celebrates in masquerading objects and
generally deplores strict type checking.

> Well, the point was, the code wasn't *meant* to pass privileged
> information to an object across the wire - notice that it was a Copied.
> This could also be done for more things than Copied - imagine a method
> that takes a list as one of its arguments and appends some secure data
> to it. You could spoof a list with a remote object that has an append()
> method.

What do you mean, "wasn't meant to pass privileged information"?  Your
example has you appending the "secure data" to a list that's from who
knows where!  You have no idea who holds a reference to that list, or
who will hold references to the list (or certain items on the list) in
the near future.  And, as a happy little object, I don't see why you
should care.  You perform your operation with the given parameters, and
that's all your job is, isn't it?

I guess there's the "Referenceable vs Copyable" facet which I haven't
been paying a lot of attention to in this discussion.  When I choose
between those two spreadable flavours (the module name is spelled wrong,
BTW), I am thinking about what goes over the wire, but only in terms of
how much it will change, how much the states of the objects need to be
synchronized, how much traffic it's generating, etc.  But I've never
seen the use of Copyable as a security option.  If I had data I did not
want getting outside, I do not think I should entrust it to *any* object
which came from Outside, whether it be a RemoteCopy or RemoteCache or a
list-like object with whiskers.

I guess it's only fair to admit that I've written very little
application code with twisted.spread and read even less, so it's
entirely possible that I lack the experience to understand the issues
here...  but some things bein' said just don't ring true to me.

"So-at-least-ONE-of-us-has-been-replaced-by-an-evil-robot"-ly yours,

  Kevin

-- 
The moon is waxing crescent, 10.8% illuminated, 3.1 days old.
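
The list-with-append() case discussed in this message, as an added example that is not part of the original post and is not twisted.spread code. RemoteListProxy, SECRET and both collect_* functions are hypothetical names; the "wire" is simulated with a local list.

```python
"""Added illustration: a duck-typed append() target versus a locally owned list."""


class RemoteListProxy:
    """Hypothetical list-like object handed in by a peer.

    It only needs an append() method to pass for a list in duck-typed code;
    everything appended is forwarded to the peer (simulated here).
    """

    def __init__(self):
        self.sent_over_wire = []  # stands in for the network connection

    def append(self, item):
        self.sent_over_wire.append(item)


SECRET = "constructed-sample-secret"  # constructed sample value


def collect_trusting(results):
    """Appends the secret to whatever object the caller supplied."""
    results.append(SECRET)
    return results


def collect_guarded(results):
    """Never writes the secret into an object that came from outside.

    The exact type check rejects proxies and list subclasses with an
    overridden append(); the copy means nobody else holds a reference
    to the list that ends up containing the secret.
    """
    if type(results) is not list:
        raise TypeError("expected a plain local list")
    own = list(results)
    own.append(SECRET)
    return own


if __name__ == "__main__":
    proxy = RemoteListProxy()
    collect_trusting(proxy)
    print("trusting version sent:", proxy.sent_over_wire)
    shared = ["public"]
    print("guarded version returned:", collect_guarded(shared), "caller still has:", shared)
```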