Document security aspects of using store #103

Open
sjakobi opened this issue Mar 1, 2017 · 2 comments

sjakobi (Contributor) commented Mar 1, 2017

At least with #101 it is now possible to craft a malicious bytestring that, when peeked, results in an invalid data structure.

I think it should be documented that store must not be used to deserialize binary data from untrusted sources.

It also seems like it is in principle possible to "misinterpret" data that was encoded e.g. with different Store instances. Maybe the README and/or Haddocks should suggest using something like stack's VersionHash.

BTW cereal has intentionally used fromList to deserialize Maps etc since GaloisInc/cereal#20. I still believe that at least WRT stack, store makes the right speed-security-tradeoff now.
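
The failure mode raised in this comment, as an added example that is not part of the original thread and not code from store or cereal: a decoder that rebuilds a `Map` on the assumption that its input keys are already sorted yields a structure that breaks the `Map` invariants, while `fromList` or an explicit order check does not. It assumes the fast path is `Data.Map.Strict.fromDistinctAscList` (the thread does not name the function); `decodeTrusting`, `decodeChecked`, `decodeValidated` and the sample pairs are hypothetical.

```haskell
-- Added example; not code from store or cereal.
import qualified Data.Map.Strict as Map

-- Constructed sample: key/value pairs as a decoder might read them from an
-- untrusted bytestring, with the keys deliberately out of order.
untrustedPairs :: [(Int, String)]
untrustedPairs = [(3, "c"), (1, "a"), (2, "b")]

-- Fast path (assumption): O(n), trusts that keys are strictly ascending.
decodeTrusting :: [(Int, String)] -> Map.Map Int String
decodeTrusting = Map.fromDistinctAscList

-- Safe path: O(n log n), sorts and de-duplicates whatever it is given.
decodeChecked :: [(Int, String)] -> Map.Map Int String
decodeChecked = Map.fromList

-- Middle ground: keep the O(n) build, but reject input that violates the
-- precondition instead of silently building a broken tree.
decodeValidated :: [(Int, String)] -> Either String (Map.Map Int String)
decodeValidated kvs
  | strictlyAscending (map fst kvs) = Right (Map.fromDistinctAscList kvs)
  | otherwise = Left "rejected: keys are not strictly ascending"
  where
    strictlyAscending ks = and (zipWith (<) ks (drop 1 ks))

main :: IO ()
main = do
  let bad = decodeTrusting untrustedPairs
      good = decodeChecked untrustedPairs
  -- Map.valid checks the ordering, balance and size invariants.
  putStrLn ("trusting decoder, valid map: " ++ show (Map.valid bad))
  putStrLn ("checked decoder, valid map:  " ++ show (Map.valid good))
  -- Keys that were inserted but that lookups on the broken map may miss.
  let found m = [k | (k, _) <- untrustedPairs, Map.member k m]
  putStrLn ("keys found in trusting map:  " ++ show (found bad))
  putStrLn ("keys found in checked map:   " ++ show (found good))
  putStrLn (either id (show . Map.toList) (decodeValidated untrustedPairs))
```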

mgsloan (Owner) commented Mar 1, 2017

Makes sense!

abooij commented Mar 1, 2017

On the other hand, it's nice to know that some things are safe to peek (e.g. reading some Int will definitely give you a value and will not crash your program). Can we document these security aspects by specifying both what's supposed to be safe and what's definitely not safe?
