Re: [fw-wiz] Application-level Attacks

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 01/29/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Sat, 29 Jan 2005 10:24:13 -0500 (EST)
    
    

    On Sat, 29 Jan 2005, Marcus J. Ranum wrote:

    > >Indeed, my question was going to be "What's application layer?" Is SSL
    > >application or transport? RPC?
    >
    >
    > They are exclusively bound into applications running at layer 7, and
    > the flaws in them generally only affect layer 7 processes. So I'd say
    > they are application layer.

    Hmmm, I think that for SSL that's right, but not so much for RPC, which
    seems to have its little tendrils in some stacks a little too twistily.
    I've seen RPC bugs affect the OS on a few OSen.

    The whole "generic transport at the application level" thing bugs me- it
    crosses generic enforcement boundaries too well, so I'm always looking for
    vilification points I suppose.

    > Of course, I remember when Pyramid had in-kernel telnet RFC-compliant
    > drivers(!) for better terminal performance (worked great, too) so probably
    > the distinction will break down when some linux rocket scientist

    The code paths for CIFS and NFS in the Linux kernel don't give me
    hope that we're not past the breakdown point by several years. "Surely
    protecting these services should be a simple matter of overloading
    socket()..." "Ha! You expect everything opening a socket to use the same
    in-kernel interface?"

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"