[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

Glyph Lefkowitz glyph at divmod.com
Thu May 20 12:58:10 EDT 2004


On Thu, 2004-05-20 at 05:34, Jasper Phillips wrote:

> Ack!  Now you've got me scared!  Ten other Holes?!  Could you elaborate a
> little more?

There are no constraints on the type of any argument.  Players could
send lists where you expect strings.  Unicode where you expect lists. 
Tuples where you expect dicts.  etc, etc, etc.  Anywhere you have a
method like:

def remote_foo(self, x):
    self.foos.append(x)

e.g. where you save an object without first inspecting it to make sure
that it's what you expect and then store it, later, and in unrelated
code, you will see tracebacks.  Be creative.  Think of ways that you
could exploit this behavior as a user :).

None of this is anywhere near as serious as the average protocol bug in a C
program, but it can still seriously disrupt service.

They can also send nasty circular structures which will put a lot of
load on the garbage collector, or may not even ever be collected.  This
is all in the protocol layer before it hits your code.  This is the main
issue that Brian and I set out to address with newpb and we came up with
some of the other hypothetical attacks against the current system along
the way.

> What's in newpb anyway?  I'd thought this was essentially handled with all
> the Avatar/Mind/Realm newcred stuff?

That's authentication.  Very different from security :).
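
The remote_foo pattern from the message next to a version that inspects its argument before storing it, as an added example that is not part of the original post or of Twisted. It is plain Python with no Twisted import; the class names, remote_bar, the limits and the Rejected exception are assumptions. The check runs in application code, so it does not cover the load from circular structures that the message places in the protocol layer.

```python
MAX_LEN, MAX_ITEMS, MAX_DEPTH = 64, 32, 4   # assumed limits for this sketch

class Rejected(Exception):
    """Argument refused at the remote_ boundary."""

def checked(x, depth=0, path=()):
    """Return a fresh copy of x if it is a bounded, acyclic nest of list/str/int."""
    if type(x) is int:                       # exact type, so bool is refused too
        return x
    if type(x) is str:
        if len(x) > MAX_LEN:
            raise Rejected("string too long")
        return x
    if type(x) is not list:                  # no subclasses, dicts, tuples, bytes
        raise Rejected("unexpected type %s" % type(x).__name__)
    if id(x) in path:                        # x is one of its own ancestors
        raise Rejected("circular structure")
    if depth >= MAX_DEPTH or len(x) > MAX_ITEMS:
        raise Rejected("structure too large")
    return [checked(i, depth + 1, path + (id(x),)) for i in x]

class Unchecked:
    def __init__(self):
        self.foos = []

    def remote_foo(self, x):                 # the pattern from the message
        self.foos.append(x)

    def report(self):                        # "later, and in unrelated code"
        return ", ".join(self.foos)

class Checked(Unchecked):
    def remote_foo(self, x):
        # Refuse at the boundary, so the error surfaces on the offending call.
        if type(x) is not str or not 0 < len(x) <= MAX_LEN:
            raise Rejected("foo must be a short non-empty str")
        self.foos.append(x)

    def remote_bar(self, tree):              # hypothetical method taking nested data
        # Store a copy so the stored value shares nothing with the decoded argument.
        self.foos.append(repr(checked(tree)))
```
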




