Firewall Wizards mailing list archives

Re: Application-level Attacks


From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 29 Jan 2005 10:24:13 -0500 (EST)

On Sat, 29 Jan 2005, Marcus J. Ranum wrote:

> > Indeed, my question was going to be "What's application layer?"  Is SSL
> > application or transport?  RPC?
>
> They are exclusively bound into applications running at layer 7, and
> the flaws in them generally only affect layer 7 processes. So I'd say
> they are application layer.

Hmmm, I think that for SSL that's right, but not so much for RPC, which
seems to have its little tendrils in some stacks a little too twistily.
I've seen RPC bugs affect the OS on a few OSen.

The whole "generic transport at the application level" thing bugs me - it
crosses generic enforcement boundaries too well, so I'm always looking for
vilification points I suppose.

> Of course, I remember when Pyramid had in-kernel telnet RFC-compliant
> drivers(!) for better terminal performance (worked great, too) so probably
> the distinction will break down when some linux rocket scientist

The code paths for CIFS and NFS in the Linux kernel don't give me
hope that we're not past the breakdown point by several years.  "Surely
protecting these services should be a simple matter of overloading
socket()..."  "Ha!  You expect everything opening a socket to use the same
in-kernel interface?"

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
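Paul's remark about the CIFS and NFS code paths in the Linux kernel has a concrete defensive consequence: a service whose socket is created from kernel space never appears in the process-to-socket mapping that `ss -p` or `lsof` build from `/proc/<pid>/fd`, so host-level enforcement that hooks user-space `socket()` calls simply does not see it. The following added example (not from the thread) parses `/proc/net/tcp` and flags listening sockets whose inode is 0, which is how such kernel-owned listeners show up; the two sample rows are constructed, and the inode-0 rule is a heuristic.

```python
import socket
import struct
from typing import Dict, List

# Constructed sample in /proc/net/tcp format (header plus two rows).
# Row 0: a user-space listener on port 22 (0x0016) backed by inode 12345.
# Row 1: a listener on port 2049 (0x0801, NFS) with inode 0, i.e. no
#        user-space file object: the in-kernel service case discussed above.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 0 1 0000000000000000 100 0 0 10 0
"""

LISTEN = "0A"  # TCP_LISTEN as printed in the hex state column


def _decode_endpoint(field: str):
    """Turn 'AABBCCDD:PPPP' into ('d.c.b.a', port).

    /proc/net/tcp prints the IPv4 address as one little-endian 32-bit hex word,
    so it must be unpacked with '<I' before inet_ntoa can render it.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[Dict]:
    """Parse the fixed column layout: sl, local, remote, st, tx:rx, tr:when,
    retrnsmt, uid, timeout, inode, ... (only the first ten are used here)."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        laddr, lport = _decode_endpoint(f[1])
        rows.append({"local": f"{laddr}:{lport}", "state": f[3],
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows


def kernel_owned_listeners(text: str) -> List[Dict]:
    """LISTEN sockets with inode 0 have no user-space socket file, so nothing
    under /proc/<pid>/fd refers to them and per-process tools cannot attribute
    them. Inode 0 also appears on TIME_WAIT entries, hence the LISTEN filter."""
    return [r for r in parse_proc_net_tcp(text)
            if r["state"] == LISTEN and r["inode"] == 0]


if __name__ == "__main__":
    for r in kernel_owned_listeners(SAMPLE_PROC_NET_TCP):
        print("kernel-owned listener:", r["local"])
```

To run against a live system, pass `open("/proc/net/tcp").read()` instead of the constructed sample (and `/proc/net/tcp6` for IPv6, whose address field is 128 bits and needs a different decoder).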
