Re: Robustness of CoreData against malicious documents?
  • Subject: Re: Robustness of CoreData against malicious documents?
  • From: glenn andreas <email@hidden>
  • Date: Tue, 4 Apr 2006 09:34:40 -0500


On Apr 4, 2006, at 7:39 AM, Cem Karan wrote:

> I've been working on a project that I'd like to convert to using CoreData, but before I do so, I'd like to know how robust CoreData is against malicious documents. Basically, I want to know what CoreData does against deliberately malformed documents. Does it have the brains to react to buffer overflow attacks? Attacks where the underlying XML/database/binary data has been hand crafted to be bad? Etc. Note that this is beyond the simple problem that a number is outside of some range (which is what the built-in and custom validation methods seem to handle); this is down at the level where someone WILL twiddle/insert/delete any bits that they can, just in order to break the application, and gain unauthorized access.
>
> Ideally, I'd get back an error of some kind that I can print out at the user indicating that the data is malformed/bad/dangerous/whatever, but if all that CoreData does is kill the application immediately, I'm happy with that. What I absolutely CANNOT accept is an exploit that allows untrusted code to run at an elevated level.

If the user has access to the machine, there will be far easier ways to run code at an elevated level (after all, OS X is not a trusted platform and is only rated as being "suitable for a cooperative non-hostile environment" <http://niap.nist.gov/cc-scheme/st/ST_VID4012.html>).


If you are worried about untrusted data sources, one could always run an XML verifier before loading the data (where at least you could get a level of assurance based on the XML verifier, or for the truly paranoid, run the XML verifier as a part of an assured pipeline on a trusted machine (i.e., "Rainbow book" level of assurance)).

After all, nobody can realistically say "product XYZ is immune to buffer overflow". If you absolutely cannot accept any possibility of an exploit allowing untrusted code to run at an elevated level, you'll need to switch to a different operating system (or convince Apple to add type enforcement to their kernel).




Glenn Andreas email@hidden <http://www.gandreas.com/> wicked fun! Widgetarium | the quickest path to widgets
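
The pre-load XML check suggested in the message above, sketched as an added example that is not part of the original post or of Core Data. The size, depth and element limits and the element allow-list are assumptions constructed for illustration; they are not Core Data's store format.

```python
import xml.parsers.expat

# Assumed policy values and element allow-list (constructed for this example).
MAX_BYTES = 1_000_000
MAX_DEPTH = 16
MAX_ELEMENTS = 50_000
ALLOWED_ELEMENTS = frozenset({"library", "book", "title", "author"})

class Rejected(Exception):
    """Raised by a handler when the document violates the policy."""

def verify_xml(data: bytes, allowed=ALLOWED_ELEMENTS):
    """Stream-check a document; return (accepted, reason). Builds no tree."""
    if len(data) > MAX_BYTES:
        return False, "document too large"
    state = {"depth": 0, "count": 0}
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(*_args):
        # Expansion bombs and external entity references both need a declaration.
        raise Rejected("entity declarations not allowed")

    def on_start(name, _attrs):
        state["depth"] += 1
        state["count"] += 1
        if state["depth"] > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if state["count"] > MAX_ELEMENTS:
            raise Rejected("too many elements")
        if name not in allowed:
            raise Rejected(f"unexpected element: {name}")

    def on_end(_name):
        state["depth"] -= 1

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)  # True marks this as the final chunk
    except Rejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"not well-formed: {exc}"
    return True, "ok"

# Constructed sample input.
SAMPLE = b"<library><book><title>T</title><author>A</author></book></library>"
if __name__ == "__main__":
    print(verify_xml(SAMPLE))
```

A check like this only narrows what reaches the loader; it runs in its own process or on a separate machine when the verifier itself must not share fate with the application.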
