AWARE [SYSTEMS] Imaging expertise for the Delphi developer
AWare Systems, Imaging expertise for the Delphi developer, Home TIFF and LibTiff Mailing List Archive

LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
August 2008

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

Contact

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems



Valid HTML 4.01!



Thread

2008.08.29 22:53 "Some security fixes from RHEL", by Even Rouault
2008.08.30 02:08 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.01 22:18 "Re: libtiff security", by Dmitry V Levin
2008.08.31 15:17 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.08.31 15:38 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:09 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.08.31 21:21 "Re: Some security fixes from RHEL", by <o.druemmer@callassoftware.com>
2008.08.31 21:51 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard
2008.08.31 22:21 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 22:10 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.03 08:21 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.03 15:11 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 17:31 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 17:48 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:52 "Re: Some security fixes from RHEL", by Toby Thain
2008.08.31 22:01 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:59 "Re: Some security fixes from RHEL", by Lee Howard
2008.08.31 22:17 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 06:29 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.09.01 06:53 "Re: Some security fixes from RHEL", by Toby Thain
2008.09.01 03:12 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 15:52 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.01 21:33 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 16:38 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 17:07 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 17:20 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:02 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 18:13 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:43 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 20:47 "Re: Some security fixes from RHEL", by Edward Lam
2008.09.03 21:01 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:32 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 19:04 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 19:32 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 21:39 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 21:59 "Re: Some security fixes from RHEL", by Even Rouault
2008.09.03 22:35 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 23:31 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.04 07:47 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.04 12:55 "Re: Some security fixes from RHEL", by Edward Lam
2008.09.06 01:20 "Re: Some security fixes from RHEL", by Jay Berkenbilt
2008.09.04 07:22 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.04 08:05 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.04 08:52 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.04 20:06 "tiffsplit.c broken on Windows in trunk", by Edward Lam
2008.09.04 20:41 "Re: tiffsplit.c broken on Windows in trunk", by Toby Thain
2008.09.04 21:13 "Re: tiffsplit.c broken on Windows in trunk", by Edward Lam
2008.09.05 06:42 "Re: tiffsplit.c broken on Windows in trunk", by Andrey Kiselev
2008.09.03 17:16 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.04 07:45 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.01 22:30 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.03 08:05 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.01 05:11 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.01 15:30 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 15:33 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.02 08:13 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.02 08:24 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.02 12:01 "Re: Some security fixes from RHEL", by Kai-uwe Behrmann
2008.09.02 15:49 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 08:14 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.03 14:07 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 15:53 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 16:23 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.01 18:00 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 22:04 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.01 15:40 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 18:19 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.09.01 18:45 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.02 15:54 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.02 16:39 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 08:03 "Re: Some security fixes from RHEL", by Andrey Kiselev

2008.09.01 16:23 "Re: Some security fixes from RHEL", by <ron@debian.org>

On Mon, Sep 01, 2008 at 01:11:50AM -0400, Tom Lane wrote:
> Lee Howard <faxguy@howardsilvan.com> writes:
> > Bob Friesenhahn wrote:
> >> If an application needs to be secure/stable in the face of hostile 
> >> files then it should not link against libtiff. 
> 
> > While the above statements are undoubtedly accurate, the sentiments that 
> > they express are unhealthy for the large community that uses libtiff.  
> 
> More than that: they're unhealthy for the future of TIFF itself.
> 
> What this position is basically saying is that "TIFF is unsafe for use
> on the internet".  Well, the internet is a sufficiently large chunk of
> the potential application space these days that making any such
> restriction is effectively signing your own death warrant.

I guess the authors of Internet Explorer didn't get that memo either.

>  People will
> simply stop using TIFF in favor of other alternatives that are more
> widely supported by safer (or perceived-to-be-safer) software.
> 
> As maintainer of Red Hat's libtiff package, I am now seriously wondering
> whether I must recommend that Red Hat disable TIFF support in any
> application that has any internet exposure.

You should recommend they disable all internet access.  It's the only
way to be sure that something terrible, like having your package
repository hacked and security packages trojaned won't happen one day.


> My rough estimate is that the number of packages that would continue
> to support TIFF after such a recommendation would be zero.  libtiff
> would become an instant pariah.

Right.  Like Certificate Authorities became instant pariahs after not
noticing they'd been certifying thousands of identical keys from a very
small set for two full years ...

> I realize that hardening libtiff is likely to be a long and tedious
> process.  But I think failing to accept that you've got to do it is
> a good way to kill the project.

I think failing to understand what that would take and the chances
of actually succeeding against a determined attacker, and assuming
that it's someone else's problem to make something suitable for
_your_ desired use, is an excellent way to ensure the 'hats have
a long and prosperous future.

You've been given some frank and explicit advice, and a patch to
apply for the latest known exploit.  If you choose to ignore the
former and not apply the latter before distributing it to your
users, that would be on your head -- pointing fingers at people
who didn't make the same assumptions you have, but are happy to
share their work with you, doesn't strike me as a terribly
productive chain of thought.

On the bright side though, once you've killed off all the projects
that aren't safe to process untrusted data, you should find you are
left with a distribution so small that it would be quite easy to
maintain single handedly -- so if this is your itch, it's probably
quite doable.  In the same way that libtiff is perfectly functional
for people who don't want to throw random things they found on the
internet through it.  I'm sure if people submit patches for new
bugs they'll get applied eventually if they are correct.  The real
beauty of free software is you can apply them any time you like,
without having to wait for someone else to find the time for that.

It always seems to work much better when people offer to help
rather than insist someone who already gave you so much somehow
owes you more as a result.

Do svidaniya,

 Comrade Hat