[DGD] Changing connect() (network package)

bart at wotf.org
Sun Dec 30 01:56:28 CET 2007


On Sun, 30 Dec 2007 00:33:28 +0100, Felix A. Croes wrote

> It is also a matter of liability.  DGD, as I provide it, does not
> in itself provide a possible staging ground for attacks on other
> hosts, full stop.  Of course, this argument does not have as much
> force as it used to, with buffer and heap overflows now being used
> to inject arbitrary code all the time, but intention matters.

Yes, and I accept that argument as to why you don't want to provide outgoing
connections in vanilla DGD. 

My issue is with the argument that an external daemon is a good solution as an
answer to people wondering whether DGD could facilitate the writing of a
networking package in a clean way. I'm arguing that while it solves one issue,
it adds more than one in return.

> 
> As to the difficulty, mud security breaches of all sorts happen all
> the time.

Definitely, but that doesn't change that there are some best practices one can
follow to reduce the risk.

You do that with the 'no outgoing connections so they can't be a problem'
approach in vanilla DGD. 

If one does have outgoing connections, best practices dictate to not add extra
complications and subsystems that serve no functional purpose but do add
potential vulnerabilities and complexity.

> 
> > That said, I can understand why you don't like them, but I can't see any
> > argument as to why an external connection service is a good solution for this
> > since it only adds more potential security problems and does not solve a
> > single one.
> 
> As I see it, if you want outgoing connections you can't be too
> concerned about security.

But you do initiate outgoing traffic with DGD (hostname lookup), well shielded
from guest coders maybe, but not at all shielded from random users on the
internet because they can trigger it by making a connection to any port DGD
listens to. I could see how at least in theory people can use this to cause
extra load on the DNS infrastructure.

So.. either you aren't too concerned with security, which I don't believe, or
you are presenting this as a black/white matter, which it isn't really.

Initiating outgoing traffic, be it UDP or TCP, brings certain problems, and
enables certain possibilities. In your situation, being able to make outgoing
TCP connections doesn't serve a good enough purpose; for some others it does.
That has little to do with being concerned about security or not.

>  An external daemon is a good solution
> for the sake of keeping up with changes in DGD code, not for any
> other reason.

Agreed.

--
Created with Open WebMail at http://www.bartsplace.net/
Read my weblog at http://soapbox.bartsplace.net/



