gnutls-devel

Re: Fwd: LP#929108 support reading PIN from file when using PKCS#11 devi


From: Nikos Mavrogiannopoulos
Subject: Re: Fwd: LP#929108 support reading PIN from file when using PKCS#11 devices
Date: Mon, 16 Apr 2012 20:22:35 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3

On 04/16/2012 07:27 PM, Stef Walter wrote:


>> Maybe this can be mitigated by providing a sanitize_pkcs11_url()
>> function that would strip this field? Then programmers would be advised
>> to call this function for untrusted urls.
> Is the problem of PKCS#11 URIs from untrusted sources sufficiently
> understood? Until the problem and use cases are better understood, I
> would err on the side of discouraging any use of PKCS#11 URIs from
> untrusted sources.


Untrusted sources are quite difficult to define. An untrusted source
might also be the user in some application, so sanitization might
be required for some applications.

>>> But for sanity's sake would we want to limit the size of the file that
>>> p11-kit will read in its p11_kit_pin_file_callback() handler?
>> Having a sanity check would also be good regardless of a url sanitize
>> function.
> Would 1MB be a good max sanity check size?


For a PIN? I'd use something like 256 bytes or so!

> Also, while we're on the topic, is the current behavior of reading the
> PIN file byte-for-byte verbatim what's generally expected?


Are there alternatives? PKCS #11 accepts a byte string anyway.

regards,
Nikos
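As an added illustration of the two measures discussed in this message, a size cap on the PIN file that p11-kit's pin-file callback reads, and a sanitize_pkcs11_url() that strips the PIN-carrying field from a URI, here is a constructed C example. It is not p11-kit or GnuTLS code. Assumptions: the 256-byte cap is the figure suggested above rather than anything the project adopted; the attribute names pin-source and pin-value are the PKCS#11 URI query attributes that carry a PIN or point to one (as RFC 7512 later defined them; the thread itself names no attribute); and the PIN is kept verbatim, byte-for-byte, as the last exchange notes. The function names read_pin_stream, read_pin_file and sanitize_pkcs11_url are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not p11-kit code. The 256-byte cap follows the
 * suggestion in the thread; larger files are refused outright rather than
 * truncated, so a wrong path (or a hostile one) never yields a "PIN". */
#define PIN_FILE_MAX 256

/* Read a PIN verbatim (no trimming, no newline stripping, no NUL handling)
 * from an open stream into out[]. Returns the number of bytes read, or -1 if
 * the stream holds more than PIN_FILE_MAX bytes, out[] is too small, or an
 * I/O error occurs. out[] needs PIN_FILE_MAX + 1 bytes so the overflow probe
 * fits. The caller is responsible for wiping out[] after use. */
long read_pin_stream(FILE *f, unsigned char *out, size_t outlen)
{
    if (outlen < PIN_FILE_MAX + 1)
        return -1;
    /* Ask for one byte more than allowed: if we get it, the file is too big. */
    size_t n = fread(out, 1, PIN_FILE_MAX + 1, f);
    if (ferror(f))
        return -1;
    if (n > PIN_FILE_MAX) {
        memset(out, 0, outlen);
        return -1;
    }
    return (long)n;
}

/* Same contract as read_pin_stream, but for a path such as the one a
 * pin-source=file:... attribute would name. */
long read_pin_file(const char *path, unsigned char *out, size_t outlen)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    long n = read_pin_stream(f, out, outlen);
    fclose(f);
    return n;
}

/* Copy a PKCS#11 URI into dst[], dropping the pin-source and pin-value
 * query attributes so a URI from an untrusted party cannot steer the
 * library to read, or supply, a PIN. The path component (before '?') is
 * copied untouched; attribute names are matched literally, which is how the
 * URI grammar spells them (only values are percent-encoded).
 * Returns 0 on success, -1 if dst[] is too small. */
int sanitize_pkcs11_url(const char *url, char *dst, size_t dstlen)
{
    size_t ulen = strlen(url);
    if (ulen + 1 > dstlen)          /* output is never longer than input */
        return -1;
    const char *q = strchr(url, '?');
    if (!q) {
        memcpy(dst, url, ulen + 1);
        return 0;
    }
    size_t pos = (size_t)(q - url);
    memcpy(dst, url, pos);
    int kept = 0;
    const char *attr = q + 1;
    while (*attr) {
        const char *end = strchr(attr, '&');
        size_t alen = end ? (size_t)(end - attr) : strlen(attr);
        int is_pin = (alen >= 11 && strncmp(attr, "pin-source=", 11) == 0) ||
                     (alen >= 10 && strncmp(attr, "pin-value=", 10) == 0);
        if (!is_pin && alen > 0) {
            dst[pos++] = kept ? '&' : '?';   /* re-open the query only if needed */
            memcpy(dst + pos, attr, alen);
            pos += alen;
            kept = 1;
        }
        attr = end ? end + 1 : attr + alen;
    }
    dst[pos] = '\0';
    return 0;
}
```

Two points follow from the code. Refusing rather than truncating an oversized file keeps the failure visible: a caller that silently got the first 256 bytes of /etc/passwd would present them to the token and burn a retry. And the sanitizer is only a fit for the case Nikos raises, a URI typed or pasted by a user; for a URI that arrives over a network, Stef's advice to not consume it at all still stands, because stripping two attributes does not address anything else a hostile URI might select (module-path, for instance, is left in place here).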


