Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 May 2013 05:25:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Yet more crashes

Jim -

On Thu, May 02, 2013 at 04:47:26PM -0500, jfoug wrote:
> Dynamic cannot be 'fixed' to be crash proof.  Since any user can create any
> format, bad or not, there is simply no way, unless dynamic checked every
> byte written, each time, which would cripple the format.
> 
> I could chase my tail forever, fixing specifically formatted purposeful
> garbage, only to have the format still be just as open as it is today.
> Anyone can create a dynamic script that crashes.   Here is an example, there
> are infinite number of these ;)

I think it is in fact expected that dynamic formats (as well as external
mode) are crashable (and more) with certain configuration file settings.

However, I think it may be practical to make reasonably defined dynamic
formats not crashable with bad password files (even with purposefully
malicious ones).

Do you agree?  What's the current state of dynamic formats with respect
to bad password files?

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ