Firewall Wizards mailing list archives
Re: Application-level Attacks
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 29 Jan 2005 10:24:13 -0500 (EST)
On Sat, 29 Jan 2005, Marcus J. Ranum wrote:
Indeed, my question was going to be "What's application layer?" Is SSL application or transport? RPC?
They are exclusively bound into applications running at layer 7, and the flaws in them generally only affect layer 7 processes. So I'd say they are application layer.
Hmmm, I think that for SSL that's right, but not so much for RPC, which seems to have its little tendrils in some stacks a little too twistily. I've seen RPC bugs affect the OS on a few OSen. The whole "generic transport at the application level" thing bugs me - it crosses generic enforcement boundaries too well, so I'm always looking for vilification points I suppose.
Of course, I remember when Pyramid had in-kernel telnet RFC-compliant drivers(!) for better terminal performance (worked great, too) so probably the distinction will break down when some linux rocket scientist
The code paths for CIFS and NFS in the Linux kernel don't give me hope that we're not past the breakdown point by several years.
"Surely protecting these services should be a simple matter of overloading socket()..."
"Ha! You expect everything opening a socket to use the same in-kernel interface?"
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."