
security review of variables

2005-06-01 08:44:05

this is an attempt to summarise the feedback received from security
reviews by Love Hörnquist Åstrand, Sam Hartman and Jeffrey Hutzelman,
and with input from Alexey Melnikov.

the main (only) issue was the behaviour of length limits.

        how do modifiers to SET interact with length limits?  current
        modifiers can't increase length.

        variables which exceed implementation limits are silently
        truncated when stored.  there is no way for a script to discover
        implementation limits and take appropriate action.  among the
        reviewers, there was consensus that at a minimum the security
        aspects of this behaviour need to be documented.  an
        alternative suggestion was to establish a namespace where such
        implementation values can be looked up.
        there were worries that other extensions would want some other
        failure mode than "silent truncation" when such limits are
        reached.  I'd like to comment that the limit only concerns
        storing a value, i.e. is restricted to the action SET and the
        implicit storage of match variables from tests.  Sieve currently
        has no specified limit to the static length of string or
        multi-line, and it's unclear to me whether a conformant
        implementation is allowed to impose such limits.

non-security objections:

        Love Åstrand thinks restricting variable names to the English
        alphabet is a real problem.

        Jeffrey Hutzelman thinks a mechanism for quoting characters with
        special meaning in regex should be available.  this could be a
        modifier for SET, e.g. :quoteregex.

        Jeffrey Hutzelman thinks the text regarding interaction with
        regex should be in whichever of variables or regex is published
        last, so that what is a normative reference isn't mislabeled as
Kjetil T.
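As an added illustration of the length-limit issue discussed in the message above (example code written for this page, not code from the draft, its author or the reviewers): a small Python model of how a Sieve interpreter stores values from SET and from :matches match variables when an implementation limit applies. The max_length limit, the "error" failure mode, the :quoteregex modifier and the limits.maxlength lookup namespace are assumptions made here to show the alternatives raised in the review, not features of the draft; modifier precedence follows RFC 5229, the published form of the variables extension. The sample address is constructed.

```python
"""Model of Sieve variable storage under an implementation length limit.

Added example, not the draft's own code.  Assumptions: max_length and the
"error" mode (alternative to silent truncation), the ":quoteregex" modifier
(proposed in the review, implemented here with re.escape) and the
"limits.maxlength" namespace variable are all hypothetical.
"""
import re


class VariableLimitError(Exception):
    """Raised instead of truncating when on_overflow="error" (hypothetical)."""


def _glob_to_regex(pattern):
    """Turn a Sieve :matches pattern (* and ?, backslash quoting) into a regex
    whose groups become the match variables ${1}, ${2}, ..."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append("(.*)" if c == "*" else "(.)" if c == "?" else re.escape(c))
        i += 1
    return "".join(out)


class SieveVariableStore:
    # RFC 5229 precedence: case modifiers (40/30) before :quotewildcard (20)
    # before :length (10).  ":quoteregex" is hypothetical, placed at 20.
    _ORDER = (":lower", ":upper", ":lowerfirst", ":upperfirst",
              ":quotewildcard", ":quoteregex", ":length")

    def __init__(self, max_length, on_overflow="truncate"):
        self.max_length = max_length        # assumed implementation limit
        self.on_overflow = on_overflow      # "truncate" (silent) or "error"
        self.vars = {}

    def _store(self, name, value):
        """The single point where the limit applies: SET and match variables."""
        if len(value) > self.max_length:
            if self.on_overflow == "error":
                raise VariableLimitError(f"{name}: {len(value)} > {self.max_length}")
            value = value[: self.max_length]    # silent truncation, no signal
        self.vars[name] = value
        return value

    def expand(self, text):
        """Expand ${name}; undefined variables expand to the empty string."""
        def sub(m):
            key = m.group(1)
            if key == "limits.maxlength":       # hypothetical lookup namespace
                return str(self.max_length)
            return self.vars.get(key, "")
        return re.sub(r"\$\{([A-Za-z0-9_.]+)\}", sub, text)

    def set(self, name, value, modifiers=()):
        """SET action: expand, apply modifiers in precedence order, then store."""
        value = self.expand(value)
        for mod in self._ORDER:
            if mod not in modifiers:
                continue
            if mod == ":lower":
                value = value.lower()
            elif mod == ":upper":
                value = value.upper()
            elif mod == ":lowerfirst":
                value = value[:1].lower() + value[1:]
            elif mod == ":upperfirst":
                value = value[:1].upper() + value[1:]
            elif mod == ":quotewildcard":       # may grow the value
                value = re.sub(r"([*?\\])", r"\\\1", value)
            elif mod == ":quoteregex":          # hypothetical, may grow the value
                value = re.escape(value)
            elif mod == ":length":
                value = str(len(value))
        return self._store(name, value)

    def matches(self, subject, pattern):
        """Sieve :matches; on success ${0}, ${1}, ... are stored (and limited)."""
        m = re.fullmatch(_glob_to_regex(pattern), subject, re.DOTALL)
        if not m:
            return False
        self._store("0", m.group(0))
        for i, grp in enumerate(m.groups(), 1):
            self._store(str(i), grp)
        return True


def demo(max_length, on_overflow="truncate"):
    """What 'redirect "${addr}"' would see after
    if address :matches "from" "*@*" { set "addr" "${1}@${2}"; }"""
    store = SieveVariableStore(max_length, on_overflow)
    store.matches("security-reviews@lists.example.org", "*@*")   # constructed
    return store.set("addr", "${1}@${2}")


if __name__ == "__main__":
    print(demo(64))          # full address survives
    print(demo(16))          # domain silently lost: "security-reviews"
    try:
        demo(16, "error")
    except VariableLimitError as e:
        print("error mode:", e)
```

With a 16-character limit the domain part is dropped without any indication to the script, which is the security concern the reviewers raised; the quoting modifiers show a second effect, since a backslash added by :quotewildcard can itself be cut off, leaving an unbalanced escape in the stored value.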
