From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Delivered-To: caml-list@yquem.inria.fr Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by yquem.inria.fr (Postfix) with ESMTP id E9E4BBC75 for ; Fri, 18 Feb 2005 00:14:42 +0100 (CET) Received: from pauillac.inria.fr (pauillac.inria.fr [128.93.11.35]) by nez-perce.inria.fr (8.13.0/8.13.0) with ESMTP id j1HNEgj4001754 for ; Fri, 18 Feb 2005 00:14:42 +0100 Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id AAA11930 for ; Fri, 18 Feb 2005 00:14:42 +0100 (MET) Received: from plover.csun.edu (plover.csun.edu [130.166.1.24]) by concorde.inria.fr (8.13.0/8.13.0) with ESMTP id j1HNEeDE006372 for ; Fri, 18 Feb 2005 00:14:41 +0100 Received: from puffin.csun.edu (puffin.csun.edu [130.166.1.21]) by plover.csun.edu (MOS 3.5.4-GR) with ESMTP id BMC29822; Thu, 17 Feb 2005 15:14:28 -0800 (PST) Received: from [130.166.10.117] (s010n117.csun.edu [130.166.10.117]) by puffin.csun.edu (MOS 3.5.4-GR) with ESMTP id CWG05717 (AUTH eric); Thu, 17 Feb 2005 15:14:26 -0800 (PST) In-Reply-To: <21947.192.168.0.1.1108633144.squirrel@gps.dynxs.de> References: <059442cb47f5e19bca230316a6ae6261@fas.harvard.edu> <21947.192.168.0.1.1108633144.squirrel@gps.dynxs.de> Mime-Version: 1.0 (Apple Message framework v619.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <9c3c426c52d70a19ad1dc3e3047a5138@csun.edu> Content-Transfer-Encoding: 7bit Cc: "" From: Eric Stokes Subject: Re: [Caml-list] Safe marshall? Date: Thu, 17 Feb 2005 15:14:30 -0800 To: Mike Hamburg X-Mailer: Apple Mail (2.619.2) X-Miltered: at nez-perce with ID 42152562.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Miltered: at concorde with ID 42152560.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)! X-Spam: no; 0.00; caml-list:01 gerd:01 compiler:01 asn:01 gerd:01 stolpmann:01 wrote:01 type-safe:01 marshaling:01 marshaled:01 computed:01 type-safe:01 marshaled:01 serializer:01 xml-rpc:01 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on yquem.inria.fr X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.0.2 X-Spam-Level: I have to agree with Gerd, if at all possible use a protocol compiler such as XDR, or ASN.1, even signing might not be secure if your attacker can get ahold of the keys you are using. I can attest to the robustness of Gerd's XDR implementation, I have used it in several projects. On Feb 17, 2005, at 1:39 AM, Gerd Stolpmann wrote: > Mike Hamburg said: >> Is there any way to call Marshall in a type-safe way? I need to use >> marshaling for a networking program, and I'd rather not leave Marshal >> as an arbitrary code execution vulnerability (which it is as far as I >> can tell: switching on a Marshaled value should produce a computed >> jump, which can be set by an attacker to point to an arbitrary place). >> Am I stuck writing my own marshal function? > > Marshal is not type-safe, no chance. I see three options for you: > > - If it is a closed protocol, you can sign the marshaled values > > - You can use other serializers. A quite simple and fast serializer is > the > XDR encoder in my SunRPC implementation (see > http://ocaml-programming.de/programming/rpc.html). Other options > I know are BER (see ocamldap), XML-RPC, SOAP, and Ensemble. > > - Write the serializer yourself. Maybe this is an option for you > if you need maximum performance. > > Gerd > ------------------------------------------------------------ > Gerd Stolpmann * Viktoriastr. 45 * 64293 Darmstadt * Germany > gerd@gerd-stolpmann.de http://www.gerd-stolpmann.de > ------------------------------------------------------------ > > > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs >