« It's like a pastel black | Main | Jeff's Journal »

Dave, what does "sagacious" mean?

Quote of the day:

Turning off L2-cache is of course an effective way of throttling performance, if that was what you were thinking of.

I have found a potentially security issue with the US Postal Service. It involves the asynchronous delivery of addressed messages.

Let me start by saying that I love the US Postal Service. The provide a great service that works pretty well. Their operating procedures are quite sound; I think they are modeled off UDP.

Let me explain: you drop off a message at any random point in the network, and as long as it's properly addressed and paid for, the US Postal Service will do a pretty darn good job of getting your message to the destination. If the USPS can't get the message delivered properly, it will be returned to you. Failing that, go to the bitbucket for a year or so (the dead letter post office). This is very much like UDP (although dropped packets certainly don't stick around for a year in any present implementation -- I think the US Postal Service just has chosen to have a Very High Quality Implementation of UDP).

I put outgoing mail in my mailbox at home all the time, and put the flag up to indicate that there is mail to be delivered. The mailman comes along at some point in the day (admittedly, the exact time of which has proven to be fairly random -- they probably use Microsoft schedulers). He takes my outgoing mail and inserts it into UDP^H^H^Hpostal network. My mailbox works as a termination point as well -- the mailman put messages addressed to me in it.

Overall, the system works pretty well.

Until now.

This morning, I put a bunch of outgoing messages in my mailbox, and raised the semaphore ("put the flag up"). Later this afternoon, I did a sema_trywait() and noticed that I had, indeed, failed to decrement the semaphore (because the mailman already did), so my new messages must have arrived.

I went out to my mailbox and dequeued my messages. I was flipping through then when to my surprise I discovered that the last message in the pile was actually one of my outgoing letters! Clearly, I had caused a buffer overflow in the mailman, and as a safeguard he just transferred the outgoing message back over to the incoming queue so that it wouldn't be lost. So you gotta admire that -- even in a catastrophic failure, no data was lost. Pretty cool.

But it causes me to wonder -- could I execute arbitrary code on the mailman? Don't be a pervert; just think -- what if I could write a 1-3 code snipit that would allow me to view other users' mail? The potential damage could be quite severe.

Write your congressman; this issue needs to be addressed.

Comments (2)

joanna:

…and…so what does SAGACIOUS mean. Although a catchy…oo-la-la word..what does it mean?

Scialina:

Sagacious (Sa*ga”cious) (?), a.
[L. sagax, sagacis, akin to sagire to perceive quickly or keenly, and probably to E. seek. See Seek, and cf. Presage.]

1. Of quick sense perceptions; keen-scented; skilled in following a trail. “Sagacious of his quarry from so far.” Milton.
2. Hence, of quick intellectual perceptions; of keen penetration and judgment; discerning and judicious; knowing; far-sighted; shrewd; sage; wise; as, a sagacious man; a sagacious remark. “Instinct … makes them, many times, sagacious above our apprehension.” Dr. H. More. “Only sagacious heads light on these observations, and reduce them into general propositions.” Locke.

Thought I’d help you out.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

About

This page contains a single entry from the blog posted on September 2, 2001 1:12 AM.

The previous post in this blog was It's like a pastel black.

The next post in this blog is Jeff's Journal.

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type 3.34