store icon indicating copy to clipboard operation
store copied to clipboard

Published 20 hours ago verified publisher icon mgsloan

Document security aspects of using store

Open sjakobi opened this issue 7 years ago • 2 comments

At least with #101 it is now possible to craft a malicious bytestring that, when peeked, results in an invalid data structure.

I think it should be documented that store must not be used to deserialize binary data from untrusted sources.

It also seems like it is in principle possible to "misinterpret" data that was encoded e.g. with different Store instances. Maybe the README and/or Haddocks should suggest using something like stacks VersionHash.

BTW cereal has intentionally used fromList to deserialize Maps etc since https://github.com/GaloisInc/cereal/pull/20. I still believe that at least WRT stack, store makes the right speed-security-tradeoff now.

sjakobi avatar Mar 01 '17 02:03 sjakobi

Makes sense!

mgsloan avatar Mar 01 '17 05:03 mgsloan

On the other hand, it's nice to know that some things are safe to peek (e.g. reading some Int will definitely give you a value and will not crash your program). Can we document these security aspects by specifying both what's supposed to be safe and what's definitely not safe?

abooij avatar Mar 01 '17 19:03 abooij