river-dev mailing list archives

From Michal Kleczek <michal.klec...@xpro.biz>
Subject Re: Towards Internet Jini Services (trust)
Date Tue, 12 Oct 2010 12:12:53 GMT
On Tuesday 12 of October 2010 14:00:14 Sim IJskes - QCG wrote:
> 
> It doesn't happen with readUTF(). The first bytes read are the stream
> header, (0xac, 0xed, 0, 5), and then the length, then the bytes
> composing the string. No parsing of TC constants, and no optional code
> paths that can lead to out-of-anything dos attacks. Send it with
> writeUTF, read it with a custom function limiting the length of the
> string and voila we have at least made it 1 step more difficult to dos.
> 

I understand your arguments but I am still not convinced - you somehow have to 
send a ProxyTrust instance (or any remote object reference) so that you can 
verify codebase using it.
You have to assume what it is going to be anyway. I just don't see a real 
difference between having custom parsing/instantiation and (limited by not 
allowing recursive annotations) parsing/instantiation done by 
ObjectInputStream.

If we need this kind of protection I would do it at the lower level - just 
have a counting InputStream that throws IOException when a certain limit of 
bytes read is reached (it won't be caught and ignored by malicious code since 
we don't run any malicious code - at least not yet :) )

Michal
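A sketch of the two defences discussed in this thread, a byte-counting InputStream and a length-checked readUTF, as an added example that is not from the original message or the River code base. It assumes plain DataOutputStream.writeUTF framing (2-byte length prefix, no ObjectOutputStream header or block data); the codebase URL and the limits are constructed sample values.

```java
import java.io.*;

/** InputStream that throws IOException once more than `limit` bytes have passed through it. */
final class LimitedInputStream extends FilterInputStream {
    private final long limit;
    private long count;

    LimitedInputStream(InputStream in, long limit) { super(in); this.limit = limit; }

    private void account(long n) throws IOException {
        if (n > 0 && (count += n) > limit)
            throw new IOException("byte limit of " + limit + " exceeded");
    }

    @Override public int read() throws IOException {
        int b = in.read(); if (b >= 0) account(1); return b;
    }

    @Override public int read(byte[] buf, int off, int len) throws IOException {
        int n = in.read(buf, off, len); account(n); return n;
    }
}

public class LimitedUtfDemo {
    /** readUTF with an explicit cap on the declared length, checked before any buffer is allocated. */
    static String readBoundedUtf(DataInputStream in, int maxLen) throws IOException {
        int len = in.readUnsignedShort();                      // 2-byte length written by writeUTF
        if (len > maxLen) throw new IOException("declared length " + len + " > cap " + maxLen);
        byte[] body = new byte[len];
        in.readFully(body);
        // Re-frame and let DataInputStream decode the modified UTF-8 exactly as writeUTF produced it.
        ByteArrayOutputStream framed = new ByteArrayOutputStream(len + 2);
        framed.write(len >>> 8); framed.write(len); framed.write(body);
        return new DataInputStream(new ByteArrayInputStream(framed.toByteArray())).readUTF();
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        new DataOutputStream(bos).writeUTF("http://example.invalid/codebase.jar"); // constructed sample
        byte[] wire = bos.toByteArray();

        // Well-behaved peer: the string fits both the length cap and the byte budget.
        DataInputStream ok = new DataInputStream(new LimitedInputStream(new ByteArrayInputStream(wire), 256));
        System.out.println("accepted: " + readBoundedUtf(ok, 200));

        // Same bytes, but a budget of 8 bytes: the counting stream aborts the read with IOException.
        DataInputStream tight = new DataInputStream(new LimitedInputStream(new ByteArrayInputStream(wire), 8));
        try { readBoundedUtf(tight, 200); } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```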
