On Tue, Aug 23, 2016 at 2:08 AM, Marko Rauhamaa <ma...@pacujo.net> wrote:
> Random832 <random...@fastmail.com>:
>
>> On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote:
>>> Windows has some other issues, including that arbitrary files can
>>> become executable very easily (eg if %PATHEXT% includes its file
>>> extension), and since the current directory is always at the
>>> beginning of your path, this can easily turn into a remote code
>>> execution exploit.
>>
>> I didn't include dot in my example whitelist, and there's no mechanism
>> for an attacker to add random extensions to your PATHEXT.
>
> Years back, my FTP server was hacked by exploiting a buffer overflow.
> The anonymous input directory contained a very long filename that
> apparently contained some valid x86 code.
>
> Did you vet your whitelist so it couldn't possibly be interpreted by the
> CPU as meaningful instructions?
Step 1: Don't have buffers. Step 2: Profit!

Anyone who's using fixed-sized buffers for application-level code deserves to be exploited. A program designed to be accessed via the internet is never (well, hardly ever) going to need so much performance that it can't afford to be written in a high-level language - it's going to spend most of its time waiting for the network. The rare exceptions (*maybe* DNS, but even there, I'd be quite happy to replace my DNS server with one written in Pike, if BIND9 ever becomes a major threat vector) should be monitored closely - preferably statically checked with something like Coverity - because they're remotely-accessible and thus a major risk.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
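The two posts above describe the same failure from both sides: a fixed-size filename buffer in an FTP server, and the advice to not have fixed buffers at all. The example below is added here to make that concrete; it is not code from either poster or from any FTP server. It shows the two defensive shapes a C implementation can take when a directory listing hands it an attacker-controlled filename: a fixed buffer whose copy is length-checked and rejects (rather than truncates) anything that does not fit, and a dynamically sized copy that still enforces a policy limit so the name's length cannot be used to exhaust memory. The limit value and the sample filenames are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy limit; a real server would take this from its
   filesystem or protocol limits, not from the peer. */
#define FILENAME_POLICY_MAX 255

/* Unsafe pattern the thread is talking about, kept only as a comment so
   this file never executes it:
       char name[256];
       strcpy(name, untrusted);   // writes past 'name' when the peer sends >= 256 bytes
*/

/* Find the length of 'untrusted' without ever reading more than 'limit'
   bytes. Returns 0 and sets *len if a terminator was found inside the
   limit, -1 otherwise. Unlike memchr() with an oversized count, this is
   well-defined even when the caller's object is smaller than 'limit'. */
static int bounded_len(const char *untrusted, size_t limit, size_t *len) {
    for (size_t i = 0; i < limit; i++) {
        if (untrusted[i] == '\0') {
            *len = i;
            return 0;
        }
    }
    return -1;
}

/* Defensive shape 1: fixed destination, explicit capacity check.
   Returns 0 on success, -1 if the name (plus terminator) does not fit.
   Over-long input is rejected outright; silently truncating would change
   which file the caller later operates on. */
int copy_filename_bounded(char *dst, size_t dst_size, const char *untrusted) {
    size_t n;
    if (dst_size == 0 || bounded_len(untrusted, dst_size, &n) != 0)
        return -1;                 /* no terminator within dst_size bytes */
    memcpy(dst, untrusted, n + 1); /* n + 1 <= dst_size is guaranteed here */
    return 0;
}

/* Defensive shape 2: "don't have buffers" - allocate to fit the input.
   Still bounded by a policy maximum so the peer cannot pick the allocation
   size. Returns a heap string the caller frees, or NULL on rejection. */
char *copy_filename_dynamic(const char *untrusted, size_t max_len) {
    size_t n;
    if (bounded_len(untrusted, max_len + 1, &n) != 0)
        return NULL;               /* longer than max_len: reject */
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, untrusted, n + 1);
    return out;
}

/* Runs both copies over a constructed short name and a constructed
   over-long name; returns how many inputs were rejected (expected: 2). */
int demo_rejections(void) {
    char fixed[32];
    int rejected = 0;

    /* Constructed sample: a 300-byte name, longer than any legitimate entry. */
    char *too_long = malloc(301);
    if (too_long == NULL)
        return -1;
    memset(too_long, 'A', 300);
    too_long[300] = '\0';

    if (copy_filename_bounded(fixed, sizeof fixed, "readme.txt") != 0)
        rejected++;                /* should not happen: it fits */
    if (copy_filename_bounded(fixed, sizeof fixed, too_long) != 0)
        rejected++;                /* expected: does not fit in 32 bytes */

    char *dyn = copy_filename_dynamic(too_long, FILENAME_POLICY_MAX);
    if (dyn == NULL)
        rejected++;                /* expected: exceeds the 255-byte policy */
    free(dyn);

    free(too_long);
    return rejected;
}

int main(void) {
    printf("inputs rejected: %d\n", demo_rejections());
    return 0;
}
```

The first shape is what most existing C code can be migrated to with a one-line change per copy site; the second is closer to what a high-level language runtime does on your behalf, which is the point of the post. Either way the important property is that the length of attacker-supplied data is decided before any byte is written, and the failure mode is a clean rejection rather than undefined behaviour.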