Security of Internet-facing applications

Archive of the old Parsimony forum. Some messages couldn't be restored. Limitations: Search for authors does not work, Parsimony specific formats do not work, threaded view does not work properly. Posting is disabled.

Postby Lance Perkins » 29 Jun 2004, 00:56

Posted by: Lance Perkins at 29 June 2004 01:56:54:

Since there have been discussions on the security of chess applications, allow me to put in some of my thoughts.
The fact that an application flaw can be exploited does not necessarily mean that someone can actually exploit it, if the application is isolated.
So what if an application crashes and you can orchestrate an input that can make the crash and execute arbitrary code? If the input can only come from you, then you're fine.
The real problem is when you allow the same application to take input from untrusted sources.
There are a lot of applications that can crash given a wrong input. And for a good number of them, the crash can be exploited. Let's say your favorite image-editing program crashes if you save your work to a file with a very long file name. Now, if someone sends you an email telling you to save your files using some long file name, would you do it? But if someone sends you an image with a long file name and you open it with your image-editing application, then you're in trouble.
For our interest, there is an issue when you let WinBoard connect to the internet, and you let WinBoard run your flawed/insecure engine. This time, someone out there can send input to your engine through WinBoard and exploit your engine's flaws.
So how do sensible software companies fix such types of issues? They only fix the application that faces the untrusted input. In our case, WinBoard should do secure input validation. This way, the engines don't have to do it. Since anyway, the engines will only get into trouble if WinBoard is part of the process (and if WinBoard is accepting input from the net).
The same approach is done for software design. You do input validation at the time that you get the input. Once you know that an input is valid, you no longer try to validate it again each time you need to use that input.
Lance Perkins
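
An added example, not part of the original post and not WinBoard's own code: a sketch of validating at the point where untrusted input arrives, so that only bounded, well-formed moves ever reach the engine. It assumes moves are passed in coordinate notation (such as e2e4 or e7e8q); `validate_move` is a hypothetical name and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MOVE_MAX 5 /* longest coordinate move, e.g. "e7e8q" */

static int is_file(char c)  { return c >= 'a' && c <= 'h'; }
static int is_rank(char c)  { return c >= '1' && c <= '8'; }
static int is_promo(char c) { return c == 'q' || c == 'r' || c == 'b' || c == 'n'; }

/* Validate one untrusted line of `len` bytes (need not be NUL-terminated).
 * Returns 1 and writes the NUL-terminated move to `out` if the line is a
 * well-formed coordinate move; otherwise returns 0 and `out` is empty. */
int validate_move(const char *in, size_t len, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0) return 0;
    out[0] = '\0';
    if (in == NULL) return 0;

    /* Strip one trailing line ending (LF or CRLF). */
    if (len > 0 && in[len - 1] == '\n') len--;
    if (len > 0 && in[len - 1] == '\r') len--;

    /* Length is checked before any byte is copied. */
    if (len < 4 || len > MOVE_MAX || len + 1 > out_size) return 0;

    /* Whitelist: file, rank, file, rank, optional promotion piece. */
    if (!is_file(in[0]) || !is_rank(in[1]) ||
        !is_file(in[2]) || !is_rank(in[3])) return 0;
    if (len == 5 && (!is_promo(in[4]) || (in[3] != '1' && in[3] != '8'))) return 0;
    if (in[0] == in[2] && in[1] == in[3]) return 0; /* from == to */

    memcpy(out, in, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample lines standing in for input from the network. */
    static const char long_line[] = "e2e4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    const char *lines[] = { "e2e4\n", "e7e8q\r\n", "e2e9\n", "e2e4;x\n", long_line };
    char move[MOVE_MAX + 1];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int ok = validate_move(lines[i], strlen(lines[i]), move, sizeof move);
        printf("line %zu: %s\n", i, ok ? move : "(dropped, not sent to engine)");
    }
    return 0;
}
```

The check is syntactic only; whether a move is legal in the current position is still up to the chess logic.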
 
