Tim Bray wrote,
> Miles Sabin wrote:
> > Tim Bray wrote,
> > > Note that dereferencing a URI via GET is in principle and as far
> > > as I can tell in practice safe, assuming you protect against
> > > infinitely-large resource representations.
> > That simply isn't true.
> Gimme a break.
Umm ... no!
> Sitting on your front step isn't safe if you put a plastic bag over
> your head and then bang your head repeatedly on the railing.
> Dereferencing a URI involves opening a network connection, sending off
> the URI, and getting back some MIME headers and a bag of bits. Few
> operations in the computing infrastructure are safer.
You're kidding, right? Or did you miss the recent MIME, HTTP and SSL/TLS
protocol-level parsing vulnerabilities (MS Outlook, Apache, OpenSSL)?
I think we can all agree that paranoia and security vendors/consultants
hyping risks to boost their businesses are a Bad Thing. But so is
> Trying to pretend there's danger here obscures the real and serious
> problems that arise when you start acting based on what you get
> without knowing what you're doing.
Right, but one of the big problems is knowing whether you're acting or
not, never mind whether any particular action is safe. I see you use
Mozilla as your MUA. Have you got it configured to render HTML mails as
plain text? If you haven't, then when img elements in unsolicited HTML
mails are rendered your MUA makes an outgoing network connection.
That's an information leak for a start. And I hope you're patched
against the recent Mozilla PNG library vulnerability ... if merely
rendering an image counts as "acting based on what you get without
knowing what you're doing" then doesn't just about anything?
I don't think there's any reason _at_all_ for believing that XML
consuming network server applications will be less complex, or less
buggy, or more secure, or with more secure default configurations than
HTML consuming MUAs/browsers. We've seen innumerable retrieval-based
security problems in the latter over the last few years, so why the
confidence that we won't see security problems in the former?
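
The point above about img elements in HTML mail, as an added example that is not part of the original post: a check that lists the references a renderer would fetch automatically, so a mail client or gateway can block or strip them before display. The `AUTO_FETCH` set, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs whose URL is fetched when the element is rendered,
# without any user action. Illustrative set, not exhaustive.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("body", "background"), ("input", "src"),
              ("embed", "src"), ("object", "data")}

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attr, url) for references fetched at render time."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            url = value.strip()
            # Scheme-relative URLs (//host/path) also reach the network.
            if urlsplit(url).scheme in ("http", "https") or url.startswith("//"):
                self.refs.append((tag, name, url))

def remote_refs(raw_message):
    """Return auto-fetched remote references in every text/html part."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, errors="replace")
            finder.feed(body)
    return finder.refs

# Constructed sample mail; example.invalid is a reserved, non-resolving name.
SAMPLE = """\
From: sender@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Hello</p>
<img src="http://tracker.example.invalid/open.gif?id=reader" width="1">
<img src="cid:logo@example.invalid">
<a href="http://example.invalid/page">fetched only if clicked</a>
</body></html>
"""

if __name__ == "__main__":
    for ref in remote_refs(SAMPLE):
        print(ref)
```

Only the first img is reported: the `cid:` image is carried inside the message itself, and the link makes no connection until the reader follows it.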