Secure Coding mailing list archives
4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: dinis at ddplus.net (Dinis Cruz)
Date: Thu, 06 Apr 2006 13:57:30 +0100
der Mouse wrote:
At least one aspect of that is a design defect in TCP/IP, allowing unprivileged users to create a port to receive inbound connections.I don't think it's fair to call that any kind of defect in TCP/IP.
I agree
There is nothing at all in TCP or IP that says anything whatsoever about what privilege may or may not be necessary to establish a listen for incoming connections. If you must call this a flaw, at least place the "flaw" where it actually is - in the implementation(s).
I am not sure that the problem is in the implementation either. From my point of view, the problem is in allowing malicious applications (or code) to have access to it in the first place. If an application is a File Compression utility, then there is no reason why it should have access to the TCP stack. And if they do need access to it (for example to check for updates), then those exceptions should be very well controlled and monitored.
I'm also not convinced it's a flaw at all; calling it one sounds to me like viewing a TCP stack designed for one environment from the point of view of a drastically different environment. In the environment most current TCP stacks were designed for, listening for connections on a "high" port should not be a restricted operation. In calling that a defect, you appear to be looking on it from a point of view which disagrees with that, which actually means just that you've picked the wrong TCP stack for your environment, not that there's anything wrong with the stack for its design environment.
If this was doable (creating custom TCP Stacks) and practical, maybe that would be an alternative (since there is no better security countermeasure, than the one that removes the 'exploitable' target) Dinis Cruz Owasp .Net Project www.owasp.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20060406/2755cf1b/attachment.html
Current thread:
- 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Apr 06)
- 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code ljknews (Apr 06)
- <Possible follow-ups>
- 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Apr 06)