Admin
And this, boys and girls, is why you should always include a possibility for executing a system exec (after proper sandboxing/sanitizing, of course) whenever you are designing / programming anything that can accept data from any source where you are not in absolute control.
By doing that, your users can always create their own filters / converters so they do not have to make horrors like the one in the article. The horror works, but adding just one more layer of XML would likely summon something evil (the inner regex is there three times already, all you need to do is replace that with 'H*****' and we all know what will happen in that case)
Admin
Fixed that for you.
Admin
:rofl:
You just described a huge class of security vulnerabilities. Proper sandbox/sanitizing: easier said than done.
Having extension mechanisms is a good idea. When they're available, administrators should be able to use them to do what they need, whether they're custom scripts in a DSL or general-purpose programming language, a C shared library extension, shell script, or whatever (and as you said, sandbox them as much as you possibly can).
But making those extension mechanisms accessible with untrusted data from any source? :rofl:
Admin
I think paula forgot to list this again.
Admin
Here's the same thing as a sexpression, because I was bored:
Where scary is:
TRWTF is that this doesn't handle subnormals and zeroes correctly.
Admin
Yeah, it's unlisted... @PJH?
Admin
Fixed that fix for you.
Admin
I assumed that only system admins could create said filters (and that they would do a proper job at it) and I also assumed that the default configuration was NOT to allow executes, so they have to be enabled explicitly once there is a good reason. If default is to allow, and any odd developer/user could create them, then yes, huge security hole.
And yes, proper sandboxing/sanitizing is a hard thing to do, but with proper care it can be done correctly.
Admin
The funny thing is that XML is a natural representation for computer programs, which are after all (in every programming paradigm that's actually used) just trees and vectors of operations.
Yet it's utterly unreadable for humans. So much for XML being human-centered.
Admin
Did someone ask for ColdFusion? @yamikuronue
Admin
I would argue that JSON is far more natural than XML.
Admin
I deal with software that interfaces to hardware all the time. IMHO TRWTF are hardware designers that torture us software guys by building arcane interfaces just because they can.
Having dealt with MODBUS in the distant past - well that's a WTF as well.
Admin
It's better than ASN.1, but so is Ebola.
Admin
I myself got flamed earlier this month for making the same mistake, but the character is in fact named after the star; it's the film that is named after the two objects that the character uses to help Lydia guess his name.
Admin
Least ASN.1 is honest about needing a machine to be parsed.
Admin
What's so bad about it? It was a format that worked well in its time, and still has its applications. Disclosure: I have to maintain a system that uses it.
Granted, if you're talking about Modbus TCP/IP, one does wonder why they didn't just take the opportunity to move to something else. But what? Some other proprietary binary format (which Modbus TCP/IP certainly is)? XML? JSON?
Admin
Why are you including a 10MB image in this post?
Admin
What Martha said. You did that last time, too.
And again: it should say "vigorously shaking his head," not "vigorously nodding." Vigorously nodding means emphatically agreeing.