Vulnerability Development mailing list archives

Re: middleware corba vulnerabilities:do they exist?


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 8 Aug 2003 19:32:27 -0000

In-Reply-To: <3f326166.1798.0 () may ie>

Hi Will,

I have been researching corba and corba security as a hobby recently.
Corba security seems to be solid from the omg corba security services 1.8
manual (only got through half of that spec so far).

Does corba have any security flaws that could be improved or are worth a
research investigation?


Caveat: I haven't used corba in a looong time.

An open(ish) protocol like CORBA is probably at least pretty well 
designed. There are counter-examples to this thinking, but not very many, 
and most are older protocols which show their age (TCP).

If you want to break CORBA there's no sense in trying to attack the 
protocol, imho. These protocols which glue components together like 
COM/DCOM or CORBA bind together pieces of code that are just as likely to 
be poorly written as anything else. Perhaps the protocol works, but a 
specific vendor's ORB's implementation of say, IIOP, is just as likely to 
be buggy as anything else. Not to mention the specific objects you can 
communicate with. Take all the ActiveX vulns out there for instance...

Sure you can add authentication, ACLs, encrypted transport, etc. That 
stuff is a great help, but it will always depend on how well everything 
is implemented. And, far as I can tell, the OMG is designing all this 
security goo to be technology neutral; CSIv2 and the Security Service are 
just components whose strength is entirely dependent on something like 
SSL for secure transport and authentication.

It's much easier to design a secure protocol than to build a secure 
implementation of something. How useful is all the complex ACL goo in NT 
when a simple bug in the implementation of IIS or RPC leaves the door 
swinging open in the breeze... 

My $2*10^-2, FWIW.

Cheers,
~ol

