Technology enthusiast with a focus on Free Software and embedded systems. Science fiction promised us general purpose electronics, let’s build them! (And get their security properties right.)

  • 1 Post
  • 2 Comments
Joined 6 years ago
Cake day: January 21st, 2019


  • The very same type of mistake happens in file systems even without URIs being involved. Directory traversal checks look simple but sooner or later need hard-to-understand symlink following rules. Enforcing processor policy has terrible portability there (it only became practical on Linux with landlock), but nonetheless I think it’s preferable.
    Not mixing URI parsers is good advice for when processor policies are unavailable – but let’s try to make them available more often.


  • @snaggen I think the better lesson than “don’t mix URI parsers” here is “don’t LBYL, rely on EAFP”. Many “Look before you leap” (LBYL) schemes are subject to variations of time-of-check/time-of-use errors. It’s preferable to not sanitize input, but tell the processor what the policy on processing is; when it comes to a violation, it’s easier to ask forgiveness (i.e. report the error) than permission (EAFP).
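The two comments above make one point: a path check done before the open (LBYL) is a TOCTOU-shaped sanitizer that symlinks defeat, whereas handing the kernel a policy (EAFP) and handling the error is not. The following added example, not written by either commenter, contrasts a normalize-and-prefix check with a component-by-component open under `O_NOFOLLOW`; it assumes Linux or another OS where `os.open` supports `dir_fd` (on Linux 5.6+ `openat2` with `RESOLVE_BENEATH` expresses the same policy in one call).

```python
import os
import tempfile

# LBYL: normalise the requested path and check it stays under base. This is
# fooled by a symlink inside base that points outside it, because the kernel
# follows the link later, after the check.
def lbyl_path_ok(base: str, requested: str) -> bool:
    joined = os.path.normpath(os.path.join(base, requested))
    return joined == base or joined.startswith(base + os.sep)

# EAFP: state the policy to the kernel instead. Walk one component at a time
# relative to a directory fd with O_NOFOLLOW, so a symlink anywhere on the
# path fails with ELOOP and there is no check/use gap. Returns an open fd.
def open_beneath(base: str, requested: str, flags: int = os.O_RDONLY) -> int:
    parts = [p for p in requested.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("empty path or parent-directory component")
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for part in parts[:-1]:
            nfd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=fd)
    finally:
        os.close(fd)

def demo() -> dict:
    # Constructed layout: public/ holds ok.txt and link.txt -> ../secret.txt.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "public")
    os.mkdir(base)
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("outside")
    with open(os.path.join(base, "ok.txt"), "w") as f:
        f.write("inside")
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.txt"))
    result = {
        "lbyl_accepts_link": lbyl_path_ok(base, "link.txt"),
        "lbyl_rejects_dotdot": not lbyl_path_ok(base, "../secret.txt"),
    }
    try:
        os.close(open_beneath(base, "link.txt"))
        result["eafp_accepts_link"] = True
    except OSError:  # ELOOP: the kernel refused to follow the symlink
        result["eafp_accepts_link"] = False
    fd = open_beneath(base, "ok.txt")
    result["eafp_reads_ok"] = os.read(fd, 16) == b"inside"
    os.close(fd)
    return result
```

The prefix check passes `link.txt` (it only sees a name under `public/`) while the `O_NOFOLLOW` open reports the violation as an error, which is the "ask forgiveness" half of EAFP.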