Bugtraq mailing list archives

Re: FireWall-1 FTP Server Vulnerability


From: chess () US IBM COM (chess () US IBM COM)
Date: Fri, 18 Feb 2000 16:22:19 -0500


> a firewall has an icicle's chance in hell of adequately
> mimicking a system it is supposed to protect if it does so purely on
> the assumption that the code it is protecting works "correctly" by
> the firewall developer's interpretation of "correct".

Or, for that matter, by the official protocol spec's notion of "correct".
And there, of course, is the rub!  There's always some obscure syntax that
as far as the firewall developer knows or the specs say has no interesting
semantics at all, but that in fact some client or intervening server in the
protected system interprets to mean "broadcast your password file to the
universe" or "interpret the following bytes as a Perl script" or "set fire
to the CPU".  This also makes it hard to block JavaScript in your proxy,
remove HTML markup from comments entered into your guestbook, or compose
secure SQL queries based partially on user input.  Kinda draws together a
bunch of themes we've seen here lately!  *8)

Solutions?  Maybe if all protocols for reading semantics from datastreams
were specified in terms of completely automatable formal descriptions, and
any manufacturer caught including semantics not described by the relevant
published formal spec was declared a pariah...  Not in this universe, I
suspect!  But we can try to slog along in that direction.  Other solutions?

DC
http://www.research.ibm.com/people/c/chess/
