Getting Pidgin 2.10.10 out the door

Ethan Blanton elb at pidgin.im
Wed Oct 8 11:54:16 EDT 2014


Mark Doliner spake unto us the following wisdom:
> I think you and Ethan were basically saying the same things in the other
> email thread. As much as possible, we should try to avoid trusting the
> server. There is some gray area here, because obviously there are things
> where you MUST trust the server.

Agreed.  We should not trust the server to send us a valid uncorrupted
protocol stream.  Assuming that it *does* send us structurally valid
data, we should assume that any of that data that cannot be
independently verified is nominally correct.  If it sends us a roster
with entries we didn't put there, or spoofs IMs on a protocol without
end-to-end authentication, there's not very much we can do about that.
We should do our best to deal with whatever is sent, and it's not a
security vulnerability to believe what we're told.

So ... it's really the case where what we're told crashes us, breaks
the parser, etc. is a security bug.  Other problems may constitute a
denial of service or the like, but they may also just be the cost of
doing business as an IM client, not security flaws in the client.

Ethan
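An added example, not Pidgin's code, of the line drawn above: a parser for a constructed length-prefixed IM frame format (assumed layout: big-endian 16-bit payload length, one type byte, then the payload) that rejects structurally invalid input, which would otherwise be the crash-class security bug, while accepting whatever the payload claims, since nothing in that layout lets the client verify it.

```c
/* Added example, not from Pidgin. Frame layout (an assumption for this
 * demo): u16 big-endian payload length, u8 type, then `length` bytes of
 * payload. Structural problems (impossible length, truncated frame) are
 * rejected or deferred; the payload's *content* is taken at face value,
 * because the format gives the client no way to check who really sent it. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FRAME_HDR 3
#define FRAME_MAX_PAYLOAD 4096   /* a server-chosen length must not drive buffer size */

struct frame {
    uint8_t type;
    const uint8_t *payload;   /* points into the caller's buffer, not copied */
    size_t len;
};

/* Returns bytes consumed (> 0) on success, 0 if the buffer does not yet
 * hold a complete frame (wait for more data), -1 if the stream is
 * structurally invalid and the connection should be dropped. */
int parse_frame(const uint8_t *buf, size_t avail, struct frame *out)
{
    if (avail < FRAME_HDR)
        return 0;                               /* header not here yet */
    size_t len = ((size_t)buf[0] << 8) | buf[1];
    if (len > FRAME_MAX_PAYLOAD)
        return -1;                              /* length field is nonsense */
    if (avail - FRAME_HDR < len)                /* safe: avail >= FRAME_HDR */
        return 0;                               /* payload still in flight */
    out->type = buf[2];
    out->payload = buf + FRAME_HDR;
    out->len = len;
    return (int)(FRAME_HDR + len);
}

/* Copies the payload into a NUL-terminated string of bounded size. Any
 * bytes are accepted as "the message"; the only guarantee is no overrun. */
int frame_text(const struct frame *f, char *dst, size_t dstsz)
{
    if (dstsz == 0 || f->len >= dstsz)
        return -1;
    memcpy(dst, f->payload, f->len);
    dst[f->len] = '\0';
    return 0;
}
```

A return of -1 is the "drop the connection" case; a return of 0 is the normal partial-read case and must not be treated as an error.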

