[Cython] Hash-based vtables
Dag Sverre Seljebotn
d.s.seljebotn at astro.uio.no
Wed Jun 6 11:16:38 CEST 2012
On 06/06/2012 11:11 AM, Dag Sverre Seljebotn wrote:
>
>
> Stefan Behnel<stefan_ml at behnel.de> wrote:
>
>> mark florisson, 05.06.2012 22:33:
>>> It doesn't even necessarily have to be about running user code, a
>> user
>>> could craft data input which causes such a situation. For instance,
>>> let's say we have a just-in-time specializer which specializes a
>>> function for the runtime input types, and the types depend on the
>> user
>>> input. For instance, if we write a web application we can post arrays
>>> to described by a custom dtype, which draws pictures in some weird
>> way
>>> for us. We can get it to specialize pretty much any array type, so
>>> that gives us a good opportunity to find collisions.
>>
>> Yes, and the bad thing is that a very high probability of having no
>> collisions even in combination with the need for a huge amount of brute
>> force work to find one is not enough. An attacker (or otherwise
>> interested
>> user) may just be lucky, and given how low in the application stack
>> this
>> will be used, such a bit of luck may have massive consequences.
>
> Following that line of argument, I guess you keep your money in a mattress then? Our modern world is built around the assumption that people don't get *that* lucky.
>
> (I agree though that 64 bits is not enough for the security usecase! I'm just saying that 160 or 256 bits would be.)
(And just to be clear, my current stance is in favour of using interning
for the ID comparison, in the other head of this thread. I just couldn't
resist Stefan's bait.)
Dag
More information about the cython-devel
mailing list