From: oliver <oliver@first.in-berlin.de>
To: Gerd Stolpmann <info@gerd-stolpmann.de>
Cc: Xavier Leroy <Xavier.Leroy@inria.fr>, caml-list@inria.fr
Subject: Re: [Caml-list] Hashtbl and security
Date: Mon, 2 Jan 2012 02:43:14 +0100 [thread overview]
Message-ID: <20120102014314.GA4960@siouxsie> (raw)
In-Reply-To: <1325462283.5036.189.camel@samsung>
On Mon, Jan 02, 2012 at 12:58:03AM +0100, Gerd Stolpmann wrote:
[...]
> > > What I could imagine is a module Sys.Security where all security
> > > features are accessible and configurable, e.g.
> >
> > I doubt that this makes sense.
> > Nearly anything that can be programmed can become a security
> > issue, if done wrong; especially things done on the
> > operating system level (like Unix module) could become
> > a security issue, if things are handled without care.
>
> Thanks for your argumentative help - by being ignorant you prove my
> thesis that typical programmers won't do anything by themselves. The
> world is so much trouble, better put the head into the sand, and hope
> the attacker won't pick you. (Well, sorry, maybe a bit too harsh, but I
> hope you get my point that it is no excuse that also other security
> issues may exist).
[...]
You completely did NOT see what I talked about.
I did not say, this problem should be ignored.
At the day when I heard from this bug I also was tempted to
post to this list here; just someone was faster then me.
What I meant was not to ignore the problenm, because there are other
problems; I meant, that there is no reason to ship the functionality
into Sys.Security, if it belongs to Hashtbl.
As you said, it is necessary to point the attention of the programmer
to crucial points, this means, that the Hashtbl-Initialization
needs to be in the Hashtbl module.
The docs for the Hashtbl are the place, where a programmer looks for
information on Hashtbles of course, and not in some module in any other place.
Especially if the progranmmer is not aware of the problem, it's a necessity
to place the information at the place of the module that you want to use.
This is good style of documentation and also is rather FPL like.
Exporting the Seeds-functionality to some other module is very similar
to using global variables in a C program.
Put the things where they belong to.
And Hashtbl-init belongs to Hashtbl-module.
[...]
> > A mandatory (not optional) hash-function-parameter
> > that must be passed (plus some default hash functions
> > with elaborated documentation on the properties of those)
> > would make more sense to me.
>
> The seed is so far optional. Sure, requiring it mandatorily would ensure
> it is passed, but I guess programmers would just become used to the
> idiom "Hashtbl.create ~seed:0 ()".
If the type is an abstract type, which comes from something like
Hashtbl.Randomseed
and has type t, not type int, this problem would vanish.
[...]
> > Putting things that need tp be part of the Hash-module
> > aside into a Sys.security-module makes these things less
> > apparent to the programmer who just wants to use hashes,
> > and don't thinks about using hashes might be a security problem.
>
> If done right, this won't be a problem anymore for the typical user (who
You also mentioned, that programmers might be too lazy or are not aware of the
problem. Then putting the initialization to some unrelated module is not
supporting the programmer to become aware of the problem.
Even if the person already knows that there might be some security issues with the
hashtables, then I doubt, that the first idea of most programmers would be to look
out for something like Sys.Security.
Instead I would assume higher frequency of asking mails on this list,
about this problem.
Ciao,
Oliver
next prev parent reply other threads:[~2012-01-02 1:43 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-30 16:44 Gerd Stolpmann
2011-12-30 16:48 ` Yaron Minsky
2011-12-30 19:01 ` David Allsopp
2011-12-30 20:52 ` Yaron Minsky
2011-12-30 21:54 ` Gerd Stolpmann
2011-12-30 17:06 ` Xavier Leroy
2011-12-30 21:16 ` Gerd Stolpmann
2011-12-31 0:57 ` oliver
2011-12-31 0:59 ` oliver
2012-01-01 12:52 ` Richard W.M. Jones
2012-01-01 17:29 ` Xavier Leroy
2012-01-01 21:04 ` Gerd Stolpmann
2012-01-01 23:24 ` oliver
2012-01-01 23:58 ` Gerd Stolpmann
2012-01-02 1:43 ` oliver [this message]
2012-01-04 17:56 ` Damien Doligez
2012-01-04 21:52 ` oliver
2012-01-02 9:34 ` David MENTRE
2012-01-30 10:54 ` Goswin von Brederlow
2011-12-30 17:40 ` rixed
2011-12-30 17:52 ` Edgar Friendly
2011-12-31 1:02 ` oliver
2011-12-31 0:33 ` oliver
2012-01-02 0:21 ` Shawn Wagner
2012-01-02 14:52 ` Gerd Stolpmann
2012-01-30 10:51 ` Goswin von Brederlow
2012-01-31 14:16 ` Gerd Stolpmann
2012-02-08 9:41 ` Goswin von Brederlow
2012-02-08 10:43 ` Philippe Wang
2012-02-08 10:46 ` AUGER Cédric
2012-02-09 13:22 ` Goswin von Brederlow
2012-02-09 14:48 ` Gerd Stolpmann
2012-02-08 11:12 ` Gerd Stolpmann
2012-02-09 13:11 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120102014314.GA4960@siouxsie \
--to=oliver@first.in-berlin.de \
--cc=Xavier.Leroy@inria.fr \
--cc=caml-list@inria.fr \
--cc=info@gerd-stolpmann.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).