From: "Åke Nordin" <ake.nordin@netia.se>
To: tuhs@tuhs.org
Subject: [TUHS] OT: LangSec (Re: A fuzzy awk.)
Date: Mon, 20 May 2024 17:39:02 +0200 [thread overview]
Message-ID: <a7803330-e7ef-457b-822f-9b035028a2b5@netia.se> (raw)
In-Reply-To: <20240520135404.1B4181FB2F@orac.inputplus.co.uk>
On 2024-05-20 15:54, Ralph Corderoy wrote:
> Doug wrote:
>> I commend attention to the LangSec movement, which advocates for
>> rigorously enforced separation between legal and illegal inputs.
> https://langsec.org
>
> ‘The Language-theoretic approach (LangSec) regards the Internet
> insecurity epidemic as a consequence of ‘ad hoc’ programming of
> input handling at all layers of network stacks, and in other kinds
> of software stacks. LangSec posits that the only path to
> trustworthy software that takes untrusted inputs is treating all
> valid or expected inputs as a formal language, and the respective
> input-handling routines as a ‘recognizer’ for that language.
. . .
> ‘LangSec helps draw the boundary between protocols and API designs
> that can and cannot be secured and implemented securely, and charts
> a way to building truly trustworthy protocols and systems. A longer
> summary of LangSec in this USENIX Security BoF hand-out, and in the
> talks, articles, and papers below.’
Yes, it's an interesting concept. Those *n?x tools that have
lex/yacc frontends are probably closer to this than the average
hack.
It may become hard to reconcile this with the robustness principle
(Be conservative in what you send, be liberal in what you accept)
that Jon Postel popularized. Maybe it becomes necessary, though.
--
Åke Nordin <ake.nordin@netia.se>, resident Net/Lunix/telecom geek.
Netia Data AB, Stockholm SWEDEN *46#7O466OI99#
next prev parent reply other threads:[~2024-05-20 15:39 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-20 13:06 [TUHS] A fuzzy awk. (Was: The 'usage: ...' message.) Douglas McIlroy
2024-05-20 13:14 ` [TUHS] " arnold
2024-05-20 14:00 ` G. Branden Robinson
2024-05-20 13:25 ` Chet Ramey
2024-05-20 13:41 ` [TUHS] Re: A fuzzy awk Ralph Corderoy
2024-05-20 14:26 ` Chet Ramey
2024-05-22 13:44 ` arnold
2024-05-20 13:54 ` Ralph Corderoy
2024-05-20 15:39 ` Åke Nordin [this message]
2024-05-20 16:09 ` [TUHS] Re: OT: LangSec (Re: A fuzzy awk.) Ben Kallus
2024-05-20 20:02 ` John Levine
2024-05-20 20:11 ` Larry McVoy
2024-05-20 21:00 ` Ben Kallus
2024-05-20 21:03 ` John R Levine
2024-05-20 21:14 ` Larry McVoy
2024-05-20 21:46 ` Ben Kallus
2024-05-20 21:57 ` Larry McVoy
2024-05-20 16:06 ` [TUHS] Re: A fuzzy awk. (Was: The 'usage: ...' message.) Paul Winalski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a7803330-e7ef-457b-822f-9b035028a2b5@netia.se \
--to=ake.nordin@netia.se \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).