monotone-devel

Re: [Monotone-devel] Re: encrypted monotone (and digression on


From: Daniel Carosone
Subject: Re: [Monotone-devel] Re: encrypted monotone (and digression on
Date: Tue, 11 Jul 2006 19:13:17 +1000
User-agent: Mutt/1.5.11

On Mon, Jul 10, 2006 at 05:35:53PM -0700, Graydon Hoare wrote:
> 3. That buffer is immediately appended to a heap std::string and data is 
> parsed from there using "safer" extractor functions. The extractor 
> functions all test the length of every extraction against the string 
> length, and assert fatally if they are asked to pass the end of the 
> string they're reading from.

Although an example of careful programming for different objectives,
this sounds like a way to DoS/crash a server.

The other points all sound good - at least necessary, if not
sufficient :-)

Another possible interpretation of the question is around data
confidentiality, assuming all the other points are addressed. If I
expose a monotone server containing a collection of branches, even
with all the process containment tricks, I have to rely on monotone's
internal security controls regarding selective access to db contents.
So it's valid to question the robustness of these controls and any
implementation or deployment caveats around them.  I'm not really sure
if this was part of the OP's concern.

--
Dan.
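
The trade-off raised above, as an added illustration (not part of the original message and not monotone's code): the extractor keeps its bounds check, but a read past the end of the buffer becomes an exception that ends one session instead of a fatal assert that takes the server down. The names `bad_decode`, `extract_bytes`, `extract_u32`, `handle_packet` and the `[u32 length][payload]` framing are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical names and framing; this is not monotone's netsync code.
struct bad_decode : std::runtime_error { using std::runtime_error::runtime_error; };

// Bounds-checked extractor: never reads past the end of buf, but reports
// a short buffer as an exception instead of aborting the whole process.
std::string extract_bytes(const std::string& buf, std::size_t& pos, std::size_t len) {
    if (pos > buf.size() || len > buf.size() - pos)  // overflow-safe pos+len check
        throw bad_decode("read past end of buffer");
    std::string out = buf.substr(pos, len);
    pos += len;
    return out;
}

std::uint32_t extract_u32(const std::string& buf, std::size_t& pos) {
    std::uint32_t v = 0;
    for (unsigned char c : extract_bytes(buf, pos, 4)) v = (v << 8) | c;  // big-endian
    return v;
}

enum class session_result { ok, dropped };

// One peer's packet, framed as [u32 length][payload] (constructed format).
// A malformed packet ends this session only; other connections keep running.
session_result handle_packet(const std::string& wire, std::string& payload) {
    try {
        std::size_t pos = 0;
        std::uint32_t len = extract_u32(wire, pos);
        payload = extract_bytes(wire, pos, len);
        return session_result::ok;
    } catch (const bad_decode&) {
        payload.clear();
        return session_result::dropped;  // caller closes this socket and logs
    }
}

int main() {
    std::string p;
    std::string good("\x00\x00\x00\x03" "abc", 7), lying("\x00\x00\x00\xff" "abc", 7);
    std::cout << (handle_packet(good, p) == session_result::ok) << ' '
              << (handle_packet(lying, p) == session_result::dropped) << '\n';
    return 0;
}
```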
