Newsgroups: php.internals
Date: Sun, 18 Nov 2007 13:24:35 -0000
To: "Stefan Esser"
Cc: "PHP internals"
Subject: Re: [PHP-DEV] Tainted Mode Decision
From: nlopess@php.net ("Nuno Lopes")

> The other difference is that Venema's implementation assumes that
> functions exist that make a variable safe for usage in SQL, HTML, ...
> When such a function is used the variable is marked as not tainted... In
> the previous mail I showed examples why this is not secure.
>
> GRASP on the other hand hooks the SQL/output functions and parses the
> SQL query/output and catches tainted bytes in places where they could be
> dangerous.
> The only problems here are how slow this is and that the parsers need to
> be compatible.

BTW, have you already been able to find real-world exploitable bugs with GRASP?

Nuno
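The contrast drawn in the quoted passage, as a simplified Python model added here; it is not code from GRASP, from Venema's patch or from this thread. It compares a per-variable flag that an escaping function clears with per-character taint that is checked against the parsed query at the sink. The names (TStr, sql_escape, flag_model_allows, sink_check_allows) and the toy SQL grammar are assumptions, and the sample inputs in the usage are constructed.

```python
# Added illustration: not code from GRASP or from Venema's patch.
from dataclasses import dataclass

@dataclass
class TStr:
    text: str
    taint: list  # one bool per character; True = derived from request data

def lit(s):   # trusted text written by the programmer
    return TStr(s, [False] * len(s))

def user(s):  # untrusted request data
    return TStr(s, [True] * len(s))

def cat(*parts):
    return TStr("".join(p.text for p in parts), [t for p in parts for t in p.taint])

def sql_escape(v, clear_taint):
    """Backslash-escape quotes; clear_taint=True models 'escaped means safe'."""
    text, taint = "", []
    for ch, t in zip(v.text, v.taint):
        piece = "\\" + ch if ch in "'\\" else ch
        text += piece
        taint += [t and not clear_taint] * len(piece)
    return TStr(text, taint)

def flag_model_allows(q):
    """Variable-level model: the query passes once nothing is marked tainted."""
    return not any(q.taint)

def sink_check_allows(q):
    """Sink-side model: tainted characters are accepted only inside a quoted
    string literal or as digits; anything else could alter query structure."""
    in_str, i = False, 0
    while i < len(q.text):
        ch, t = q.text[i], q.taint[i]
        if in_str and ch == "\\":
            i += 2  # escaped character stays inside the literal
            continue
        if ch == "'":
            if t:
                return False  # request data opens or closes a literal
            in_str = not in_str
        elif t and not in_str and not ch.isdigit():
            return False
        i += 1
    return not in_str  # an unterminated literal is rejected as well
```

With the constructed value `1 OR 1=1` placed in an unquoted numeric position, the escaping function changes nothing, so the flag model accepts the query while the sink-side check rejects it; an escaped `O'Brien` inside a quoted literal passes the sink-side check.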