'Re: [ISN] Music file flaws could threaten traders'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: [ISN] Music file flaws could threaten traders
From:       Russell Coker <russell () coker ! com ! au>
Date:       2002-12-21 18:20:49
[Download RAW message or body]

On Sat, 21 Dec 2002 00:46, Brian May wrote:
> > If that is the approach that you want then why not just audit the source
> > code to all the programs that use such files?
>
> That would be the best long term solution.

In which case OpenBSD may be more suitable to your needs than SE Linux.  
Considered working on the Debian OpenBSD project?

Don't take this as some sort of sarcastic comment.  I think that the OpenBSD 
project is doing some good things and that Debian OpenBSD is a worthy 
project.  I encourage people to work on such things if that interests them.

> Which means were going around in circles, and I am arguing
> your case for running AV programs in a seperate domain, until
> they can be audited at least. Oh well...

;)

> > Surely auditing source code to applications is easier than writing
> > virus-scanners for every type of file that MIGHT break some buggy
> > program somewhere and cause a security hole.
>
> Not so much a virus-scanner, more a "fsck"/validator that works on data
> files rather then harddisk images. I would be surprised if such a
> program doesn't already exist, there must be some program to ensure
> output MP3 files are consistant with the MP3 standard (whether it is
> free software or not though is another matter).

I'm sure that there are "lint" type programs for many different types of file.  
However they are generally aimed at ensuring that the files are usable not 
that they are not going to cause an exploit.  Also it is quite possible for a 
file to comply with all standards and still break an application!  Many 
buffer overflow exploits are of such a nature.

But this would be an interesting topic for research.  Are you planning on 
getting a second Ph.D?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic