> From: Christian Huitema <huitema(_at_)microsoft(_dot_)com>
>> a format that is free from active content is probably a good start...
> I used to think that, until somebody showed me how to fuzz a JPEG file.
> No active content needed, just a syntax sufficiently complex to allow
> for coding mistakes or other oversights.
Sure, you don't need active content for security problems: the old Morris worm
was well before the active-content era - it broke in via string overflows, and
consequent stack bashing. But the point is that, given sufficiently paranoid
code, non-active content is pretty safe - and _it's pretty easy to make code
quite paranoid for non-active content_. The problem with non-active content
usually is that many programmers are just lazy, and/or don't want to spend the
cycles to be paranoid - string overflows again being a classic example.
Active content is a whole different level of thing, because the semantics are
inevitably just much, much more complex. That's the whole _point_ of active,
after all.
But this is getting a bit far afield from formats for IETF presentations, so
I'll cease my anti-active-content rant at this point.
Noel
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf