[1576] in WWW Security List Archive


Re: _DNS_ security problems

daemon@ATHENA.MIT.EDU (Rich Salz)
Sat Mar 2 21:12:20 1996

From: Rich Salz <rsalz@osf.org>
Date: Sat, 2 Mar 1996 18:54:53 -0500
To: rsalz@osf.org, strombrg@hydra.acs.uci.edu
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

>Anyway, I'm not sure you and I _do_ disagree.

>However, it makes at _least_ as much sense to fix the oddities in
>syslog/DNS, as it does to slap the hands of people who wrote code that
>does not take those oddities into account.  I tend to argue that it makes
>"more sense".

We do disagree.  It's always good to fix bugs.

In a security sense, however, if a secure (or safe) implementation makes
guarantees then it *must* do the moral equivalent of knowing every single
line of code it uses, or it must document the assumptions upon which it
is built.  This is known as defining the Trusted Computing Base, or TCB:
that part of the system which must be trusted if the rest of the system is
to function according to its guarantee.

If Java guarantees that applications can only open TCP connections to
the place they came from, then Java must either not use DNS or it must
document how it depends on DNS to assure this guarantee.
	/r$
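To make the kind of documented assumption Salz describes concrete, here is an added example, not code from the message or from any Java implementation: a connection policy that states its DNS trust assumption in a docstring and enforces it by resolving the origin host once at load time and pinning the result. The host names, addresses and resolver are constructed stand-ins so the example runs offline.

```python
import ipaddress
from typing import Callable, Dict, FrozenSet, List

Resolver = Callable[[str], FrozenSet[str]]

class PinnedOriginPolicy:
    """Allow an applet to connect only to the host it was loaded from.

    TCB assumption, stated explicitly: DNS is trusted exactly once, at load
    time; the addresses returned then are pinned and never re-resolved, so a
    later change in DNS answers cannot widen the set of reachable addresses.
    """

    def __init__(self, origin_host: str, resolver: Resolver) -> None:
        self.origin_host = origin_host.lower().rstrip(".")
        answers = resolver(self.origin_host)          # the single DNS lookup
        if not answers:
            raise ValueError(f"cannot resolve origin host {origin_host!r}")
        self.pinned = frozenset(ipaddress.ip_address(a) for a in answers)

    def may_connect(self, target_host: str, target_addr: str) -> bool:
        """Both the name and the concrete address must match what was pinned."""
        if target_host.lower().rstrip(".") != self.origin_host:
            return False
        return ipaddress.ip_address(target_addr) in self.pinned

class RecordingResolver:
    """Constructed stand-in for DNS (runs offline): answers from a table and
    logs every lookup so a reviewer can audit how often DNS was trusted."""

    def __init__(self, table: Dict[str, FrozenSet[str]]) -> None:
        self.table = table
        self.queries: List[str] = []

    def __call__(self, name: str) -> FrozenSet[str]:
        self.queries.append(name)
        return self.table.get(name, frozenset())

def demo() -> dict:
    # Hostname and addresses below are made up (documentation ranges).
    dns = RecordingResolver({"applets.example.test": frozenset({"192.0.2.10"})})
    policy = PinnedOriginPolicy("applets.example.test", dns)
    dns.table["applets.example.test"] = frozenset({"198.51.100.7"})  # DNS answer changes after load
    return {
        "pinned_addr": policy.may_connect("applets.example.test", "192.0.2.10"),
        "new_addr": policy.may_connect("applets.example.test", "198.51.100.7"),
        "other_host": policy.may_connect("other.example.test", "192.0.2.10"),
        "dns_lookups": len(dns.queries),
    }
```

The `dns_lookups` count is the auditable form of the written assumption: a reviewer of the TCB can check that the policy consulted DNS exactly once, rather than having to read every line that might resolve a name.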
