[1579] in WWW Security List Archive


Re: _DNS_ security problems

daemon@ATHENA.MIT.EDU (Dan Stromberg)
Sun Mar 3 20:06:06 1996

Date: Sun, 03 Mar 1996 13:41:24 -0800
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: smb@research.att.com
CC: Rich Salz <rsalz@osf.org>, ekr@terisa.com, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

> Syslog() had to change because it doesn't meet Programming 101 specs.
> That is, programs should do sensible things with illegal inputs.  At

syslog() is not a program.  It's a library interface, a small API.

APIs should do reasonable things with illegal inputs, to make it
possible for programs to have some hope of doing reasonable things with
illegal inputs.  In theory and practice, large programs built atop well
designed, well documented APIs (preferably libraries of
loosely-coupled objects, of course, and not a mishmash of data and
code), will often do very well with illegal inputs.  When I was an
undergrad, that was dual-level grad/undergrad stuff, but I'd like to
think it's moved into the core curriculum of any undergrad program,
today.

syslog(), being an API, should do reasonable things with unreasonable
inputs.

The resolver routines, being an API, should do reasonable things with
unreasonable inputs.

It is irrelevant how deep into the kernel, or how far out onto the
network, those APIs must reach to accomplish their jobs.  They should
do reasonable things with unreasonable inputs.

This does not excuse the Java team's ignorance of the pitfall (at least
not wholly), but to call it anything but a pitfall is clearly specious.
You can argue (weakly or strongly) that it isn't a problem large enough
to bother fixing, but it remains a problem.
