Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Arnout Engelen
Hello Commons developers, I'd like to discuss what our security ambitions are for components like Commons Imaging, Compress, Codec and IO: Generally for Commons, we say that unless otherwise specified it is up to the user of the library to make sure any input is either trusted or correctly valida

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Gilles Sadowski
Hello. Le jeu. 14 déc. 2023 à 12:10, Arnout Engelen a écrit : > > Hello Commons developers, > > I'd like to discuss what our security ambitions are for components like > Commons Imaging, Compress, Codec and IO: > > Generally for Commons, we say that unless otherwise specified it is up to > the us

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Elliotte Rusty Harold
On Thu, Dec 14, 2023 at 6:09 AM Arnout Engelen wrote: > > Hello Commons developers, > > I'd like to discuss what our security ambitions are for components like > Commons Imaging, Compress, Codec and IO: > > Generally for Commons, we say that unless otherwise specified it is up to > the user of the

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Arnout Engelen
On Thu, Dec 14, 2023 at 2:00 PM Elliotte Rusty Harold wrote: > On Thu, Dec 14, 2023 at 6:09 AM Arnout Engelen wrote: > > * I'd say parsing/decompression/decoding should never allow malicious > input > > to trigger arbitrary code execution(?) > > Do any of these products include native libraries/

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Mike Drob
On Thu, Dec 14, 2023 at 8:31 AM Arnout Engelen wrote: > On Thu, Dec 14, 2023 at 2:00 PM Elliotte Rusty Harold > wrote: > > > On Thu, Dec 14, 2023 at 6:09 AM Arnout Engelen > wrote: > > > * I'd say parsing/decompression/decoding should never allow malicious > > input > > > to trigger arbitrary c

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Elliotte Rusty Harold
On Thu, Dec 14, 2023 at 9:31 AM Arnout Engelen wrote: > > Examples of what I referred to as arbitrary code execution would be > unbounded deserialization of untrusted data (via techniques like those > described in the motivation for > https://docs.oracle.com/en/java/javase/17/core/serialization-f

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Gary D. Gregory
Thank you Arnout for starting this thread. I think it's going to be hard to come up with a sensible statement for all 20+ Commons components without categorizing them (some higher/lower level classification) even though this thread only refers to four components. We can make some general state