| From | "Rod Pemberton" <do_not_have@notemailnotq.cpm> |
|---|---|
| Newsgroups | comp.lang.forth |
| Subject | Re: WWW-safe Forth? |
| Date | 2013-07-15 22:40 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <ks2blr$2k4$1@speranza.aioe.org> |
| References | (13 earlier) <WI2dncHJ98zEFUHMnZ2dnUVZ_oudnZ2d@supernews.com> <krob4u$43g$1@speranza.aioe.org> <4PednaaEJdL3W0LMnZ2dnUVZ_qGdnZ2d@supernews.com> <krv7r1$5e5$1@speranza.aioe.org> <k4WdnaZ_ZdbZpH7MnZ2dnUVZ_rednZ2d@supernews.com> |

"Elizabeth D. Rather" <erather@forth.com> wrote in message
news:k4WdnaZ_ZdbZpH7MnZ2dnUVZ_rednZ2d@supernews.com...
> On 7/14/13 12:15 PM, Rod Pemberton wrote:
> > "Elizabeth D. Rather" <erather@forth.com> wrote in message
> > news:4PednaaEJdL3W0LMnZ2dnUVZ_qGdnZ2d@supernews.com...
> >> On 7/11/13 9:31 PM, Rod Pemberton wrote:
> >>> "Elizabeth D. Rather" <erather@forth.com> wrote in message
> >>> news:WI2dncHJ98zEFUHMnZ2dnUVZ_oudnZ2d@supernews.com...
> >>>> On 7/9/13 11:09 AM, Rod Pemberton wrote:
> >>>> Every implementation does these underlying things
> >>>> differently, so the names would be different, and every
> >>>> specific platform would put them at different locations.
> >>>> Assume DUMP is not available (which it wouldn't be in
> >>>> this scenario)?
> >>>
> >>> The hacker is only trying to breach one.
> >>
> >> But he has to know which one it is, and how this particular
> >> one works.
> >
> > Do you honestly believe most hackers are smart enough to be
> > programmers? They know little to nothing about how the systems
> > they breach work.
>
> Right. But you previously pointed out that in a certain Forth
> certain words could always be found at certain locations. In
> order to exploit this fact, a hacker would have to know that
> he was dealing with *this* Forth on *this* platform and how
> *these* words could be used to break it. If hackers know
> "little to nothing" about how a target works, that exploit
> will not be available.
>

Yes. But, that has nothing to do with any of the numerous other
potential exploits...

And, you've assumed that the information needs to be known in
advance. The hacker could very well figure out the information
he has about a system after hacking it for a while fits an
existing Forth after the fact. Information goes in two
directions.

Security through obscurity, i.e., secrecy, which is what you're
promoting, while it does work, it only works to a certain point.
It only slows down an attacker.
I.e., at some point, the attacker is going to un-obscure the
hidden information. The question is whether they can do so
before getting caught or without being caught.

> > Difficulty is not an issue for hackers. They only need to find
> > a way.
>
> But to "find a way" into a Forth system without any of the things
> they depend on (e.g. C strings) will, IMO, be *effectively*
> impossible.
>

You're willing to state that even while knowing that for an x86
system you only need to be able to store ASCII text and transfer
execution there? Well, I wholeheartedly disagree.

Computers are designed to execute code. Security is primarily
about preventing access to those unauthorized. It's not about
preventing code execution. It's generally not about fixing bugs,
unless it becomes a severe security issue.

> >>>> Those are generalized assertions. My question is, how would
> >>>> you approach doing any of these things in the Forth I
> >>>> described above?
> >>>>
> >>>> [...]
> >>>>
> >>>> How would you even know whether the Forth calls the OS, or
> >>>> whether there is an OS (vs. a native Forth)? All you're
> >>>> doing is asserting that it's possible, without any clue how.
> >>>
> >>> You can't know all possible attack vectors. That's the
> >>> problem.
> >>
> >> True. But we know what it takes to make something happen. As a
> >> theoretical statement, it is impossible to make a 100% secure
> >> system. But, practically speaking, you can get pretty close.
> >> I'm still waiting for you to show me a way to penetrate the
> >> system I'm describing.
> >>
> >
> > I'm not a hacker. I've listed quite a few areas that could be
> > attacked. And, you indicated about 40% of them were still
> > "unprotected" in the sense that they are still useable, i.e.,
> > open for abuse.
>
> I challenge the assumption that those things that you call
> "unprotected" are, in fact, vulnerabilities. For example, you
> can store in PAD or in VARIABLEs. These are in defined data
> space.
> How can this be exploited?

If a hacker can find a way to transfer execution there, whatever
is there can be executed.

> How does being able to send strings to the terminal count
> as a vulnerability?
>

This is just a variation of the above. Video memory is memory.
It's storage. Typically, it's memory mapped too. I.e., the video
memory is within the address range of the processor's normal
memory.

I.e., if I input "Hi Bob!" from the keyboard and it's displayed
on the screen, then it's stored in memory. Let's say "Hi Bob!"
is executable code. If I know where the video memory is and
where the string is relative to it, I know the address I need to
transfer code execution to in order to execute the string
"Hi Bob!".

On x86, the single-byte instruction set is so densely packed
that ASCII text can be used to construct executable code. It's
just a matter of constructing an appropriate text string and
transferring execution to that string. So, if the hacker has
found a way to start x86 code, he can execute "Hi Bob!". Yes,
execution of data regions can be blocked on modern processors.

Computers store things, in memory, in CMOS, on disks in sectors.
Computers generally don't wipe deleted information, which could
be executable code. E.g., a disk holds information in both the
allocated and deleted sectors. The deleted sectors can be
overwritten or re-used, but they generally aren't wiped of their
information upon deletion. On large harddisks, this allows for
data permanence even among deleted sectors. E.g., a small virus
could have trillions of copies of itself on disk. You could
uninfect a machine over and over again without realizing the
virus was hiding in the "negative" space. Most people, even
forensic, security, and other computer experts, might not
realize this.

The point is that there are always other methods of attack which
could lead to a breach. Side-channel attacks were mostly unknown
decades ago.

> > As stated, only two things are needed: ability to store ASCII
> > text and ability to transfer x86 execution there. That's very
> > difficult to block in its entirety.
> >
> >> My answers above addressed most of those issues.
> >
> > In the literal sense, yes. However, a hacker is trying to find
> > a breach point. You can't know if they can find one even if
> > you think you've covered all bases.
>
> Your contention is that Forth is inherently vulnerable. Aside
> from flatly asserting that it's impossible to prove "total
> security", you haven't shown a single vulnerability. Therefore,
> you haven't proved it's vulnerable.
>

Circular logic? Okay...

I already stated why I believe Forth is inherently vulnerable.
I stated two reasons, one of which was you can't both provide a
useable system and eliminate the vulnerable words too. The other
was that it's very easy to execute code on most processors and
in a Forth environment since that's what they're designed to do.

You've demanded I prove a breach when I'm not a hacker. So, how
about I demand that you show that it's possible to provide a
useable system that doesn't have any vulnerable words.

> Aside from flatly asserting that it's impossible to prove "total
> security", you haven't shown a single vulnerability. Therefore,
> you haven't proved it's vulnerable.

While logical, AFAIK, that conforms with neither accepted method
of implementing security: security by design and security
through obscurity.

AIUI, the premise of security by design is that it should be
assumed that the system is vulnerable and the attacker knows
your system as well as you do. Therefore, it's wise to design
secure measures into the system upfront.

AIUI, the premise of security through obscurity is that the
attacker doesn't know how to breach, attempts to breach will be
slow, and his attempts will eventually trigger a security
response prior to an actual breach.
The problem with both security through obscurity and security by
design is that they only prevent attacks from known breaches or
expected breaches, not the unknown, not the unexpected, not new
methods, etc.

> >> How do you find out if this Forth has TIB if it's not in the
> >> secure wordlist (for example)?
> >
> > Is the secure wordlist the words the user can or can't execute?
> > I was taking "secure wordlist" to mean the ones they
> > couldn't...
>
> A "secure wordlist" is a list of words that the user *can*
> execute to write and run a Forth application.

So, a wordlist that the user *cannot* execute, i.e., the most
powerful, most low-level, and potentially damaging system words,
must be called the opposite: "insecure wordlist" ... ? Or, do
you have another name for that?

> It's not a problem to be able to execute Forth words, [...]

You keep saying that. It's not true though.

If I enter two values on the stack, and do arithmetic, i.e.,
'+'. How is that any different from a word that uses '+'
assuming that the hacker has the ability to replace the two
values to be added with his own values?

If a word does some work that the hacker needs done, then a
hacker can use a part of that word's functionality to do what he
or she desires. How do you prevent that? I.e., the only way I
know is for the word you're allowing a user/hacker to use, to
not use the functionality. So, if the hacker is after '+', then
'+' must not be a part of any word the user/hacker can execute.
Without using '+', how do you provide the desired functionality
to the user/hacker?

...

Of course, '+' is a proxy for words you don't want the hacker to
use or abuse:

    , (comma)
    @ (fetch)
    ' (tick)
    EXECUTE
    POSTPONE
    IF THEN
    etc.

> >>>> We have a bunch of considerations already, including a
> >>>> limited, sealed vocabulary whose words can only directly
> >>>> access an authorized region of data space.
> >>>> Assuming that
> >>>> all the user knows is the url to access it, it's reasonable
> >>>> to assume that the user would also have a very hard time
> >>>> finding out what version of Forth, what implementation
> >>>> strategy, under what OS, or any other features that would
> >>>> clue you in to a vulnerability. For all you know, it isn't
> >>>> even an x86 underneath.
> >>>
> >>> The OS can be determined before ever connecting to the
> >>> "sandboxed" Forth. Most network testing tools can do this.
> >>
> >> If there *is* an OS...
> >
> > Why does it matter?
>
> Because you asserted that the hacker can do certain things with
> known or familiar OSs.
>

Yes, it makes it easier for them, but it's not a requirement.

But, that wasn't what I asserted. You equated a Forth system
with an OS. I stated that hardcoded data could be used to help
breach a system. It could also be used to identify it.

> > If a hacker can gain the ability to execute code (with
> > sufficient privileges where implemented), they can install
> > their own OS, as long as it's for the correct processor, or
> > they could flash a new BIOS etc. If they flashed a netboot
> > ROM BIOS on your machine, you've got a serious problem.
>
> If a hacker can boot a processor from a thumb drive, it doesn't
> matter how secure the code running on that processor is. But
> this has nothing whatever to do with Forth.
>

True, but it's unrelated to what's directly above too, which
could occur on a Forth OS or a Forth as an application.

Rod Pemberton
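
Added example (not from any poster in this thread): a toy Python model of the "limited, sealed vocabulary whose words can only directly access an authorized region of data space" that the message argues about. `SealedForth`, `DATA_CELLS`, `SandboxError` and `try_run` are hypothetical names, and the model covers only word lookup and address checks, not flaws in a real Forth kernel or its host.

```python
# Added illustration, not code from the thread. All names are hypothetical.
DATA_CELLS = 64   # size of the authorized data space, in cells


class SandboxError(Exception):
    """Input tried to leave the sealed vocabulary or the data space."""


class SealedForth:
    def __init__(self):
        self.stack = []
        self.data = [0] * DATA_CELLS   # the only memory user code can reach
        # Sealed vocabulary: no tick, EXECUTE, comma or POSTPONE, so no
        # word turns a number on the stack into a jump target.
        self.words = {"+": self._add, "drop": self._pop,
                      "@": self._fetch, "!": self._store}

    def _pop(self):
        if not self.stack:
            raise SandboxError("stack underflow")
        return self.stack.pop()

    def _add(self):
        b, a = self._pop(), self._pop()
        self.stack.append(a + b)

    def _cell(self, addr):
        # '+' can yield any number, so addresses are checked at the point
        # of use rather than trusted because of how they were computed.
        if not 0 <= addr < DATA_CELLS:
            raise SandboxError(f"address {addr} outside data space")
        return addr

    def _fetch(self):                      # @  ( addr -- x )
        self.stack.append(self.data[self._cell(self._pop())])

    def _store(self):                      # !  ( x addr -- )
        addr = self._cell(self._pop())
        self.data[addr] = self._pop()

    def run(self, source):
        for token in source.split():
            word = self.words.get(token.lower())
            if word is not None:
                word()
                continue
            try:
                self.stack.append(int(token))
            except ValueError:
                raise SandboxError(f"unknown word: {token}") from None
        return list(self.stack)


def try_run(source):
    """Run constructed input in a fresh sandbox; return stack or refusal."""
    try:
        return SealedForth().run(source)
    except SandboxError as exc:
        return f"refused: {exc}"
```

The check sits in `@` and `!` rather than in `+`, because arithmetic on caller-supplied operands can produce any address. Whether a real Forth kernel can enforce that everywhere is the point the thread disputes.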
WWW-safe Forth? papa@sdf.lNoOnSePsAtMar.org (David Meyer) - 2013-07-05 19:24 +0000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-05 13:37 -0700
Re: WWW-safe Forth? papa@sdf.lNoOnSePsAtMar.org (David Meyer) - 2013-07-05 21:17 +0000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-05 15:22 -0700
Re: WWW-safe Forth? papa@sdf.lNoOnSePsAtMar.org (David Meyer) - 2013-07-06 01:56 +0000
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-06 14:42 +0200
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-06 07:56 -0500
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-07 01:11 +0200
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-07 02:44 -0500
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-07 10:28 +0000
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-06 13:42 +0000
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-07 01:40 +0200
Re: WWW-safe Forth? albert@spenarnc.xs4all.nl (Albert van der Horst) - 2013-07-05 20:20 +0000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-06 12:41 -0400
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-06 12:03 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-06 12:41 -0700
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-06 14:01 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-06 14:26 -0700
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-06 12:32 -1000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-06 19:58 -0700
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-06 18:14 -1000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-06 21:51 -0700
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-06 21:01 -1000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 00:36 -0700
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-07 01:25 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 01:56 -0700
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-07 08:34 -1000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-07 07:08 -0400
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-07 08:41 -1000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 12:59 -0700
Re: WWW-safe Forth? albert@spenarnc.xs4all.nl (Albert van der Horst) - 2013-07-07 20:18 +0000
Re: WWW-safe Forth? albert@spenarnc.xs4all.nl (Albert van der Horst) - 2013-07-09 01:09 +0000
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-08 00:09 +0200
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 18:15 -0700
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-07 17:22 -1000
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-07 17:20 -1000
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-07 13:13 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 14:02 -0700
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-08 01:25 +0200
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 18:26 -0700
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-09 19:21 +0200
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-10 01:55 -0700
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-10 23:51 +0200
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-07 21:10 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 22:03 -0700
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-07 22:27 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-08 00:30 -0700
Re: WWW-safe Forth? Hannu Vuolasaho <hannu.vuolasaho@nospam.tut.fi.invalid> - 2013-07-08 13:08 +0000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-08 09:18 -0400
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-08 07:02 -0700
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-08 09:46 -0500
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-08 11:04 -0700
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-08 12:49 -0500
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-08 11:26 -0700
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-08 16:28 -0500
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-08 11:15 -1000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-09 17:09 -0400
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-09 12:02 -1000
Re: WWW-safe Forth? Hans Bezemer <the.beez.speaks@gmail.com> - 2013-07-10 23:52 +0200
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-12 03:04 -0400
Re: WWW-safe Forth? gavino_himself <visploveslisp@gmail.com> - 2013-07-28 02:32 -0700
Re: WWW-safe Forth? gavino_himself <visploveslisp@gmail.com> - 2013-07-27 22:18 -0700
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-12 03:31 -0400
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-11 23:03 -1000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-14 18:15 -0400
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-14 13:50 -1000
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-15 14:12 +0000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-15 10:22 -0700
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-15 17:07 +0000
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-17 01:12 -0700
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-17 09:43 +0000
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-17 15:04 +0200
Re: WWW-safe Forth? albert@spenarnc.xs4all.nl (Albert van der Horst) - 2013-07-17 13:50 +0000
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-15 07:57 -1000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-15 22:45 -0400
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-15 18:21 -1000
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-15 07:52 -1000
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-16 16:15 +0000
Re: WWW-safe Forth? "Elizabeth D. Rather" <erather@forth.com> - 2013-07-16 08:17 -1000
Re: WWW-safe Forth? anton@mips.complang.tuwien.ac.at (Anton Ertl) - 2013-07-17 09:33 +0000
Re: WWW-safe Forth? "Rod Pemberton" <do_not_have@notemailnotq.cpm> - 2013-07-15 22:40 -0400
Re: WWW-safe Forth? Andrew Haley <andrew29@littlepinkcloud.invalid> - 2013-07-10 03:26 -0500
Re: WWW-safe Forth? Howerd <howerdo@yahoo.co.uk> - 2013-07-07 01:46 -0700
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 02:39 -0700
Re: WWW-safe Forth? AKK <akk@nospam.org> - 2013-07-07 11:56 +0200
Re: WWW-safe Forth? Paul Rubin <no.email@nospam.invalid> - 2013-07-07 03:20 -0700
Re: WWW-safe Forth? Bernd Paysan <bernd.paysan@gmx.de> - 2013-07-07 01:21 +0200
Re: WWW-safe Forth? Hans Bezemer <the.beez.speaks@gmail.com> - 2013-07-09 23:22 +0200
Re: WWW-safe Forth? gavino_himself <visploveslisp@gmail.com> - 2013-07-27 21:34 -0700