[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [computer-go] how to use GTP in place of GMP

To: computer-go@xxxxxxxxxxxxxxx
Subject: Re: [computer-go] how to use GTP in place of GMP
From: Peter Paul Elfferich <pp@xxxxxxxxxx>
Date: Thu, 12 Aug 2004 03:49:22 +0200
Delivered-to: computer-go@xxxxxxxxxxxxxxxxx
In-reply-to: <80.12e19575.2e4c1f25@xxxxxxxxxxxxxxxxx>
List-archive: <http://computer-go.org/pipermail/computer-go>
List-help: <mailto:computer-go-request@xxxxxxxxxxxxxxxxx?subject=help>
List-id: computer-go <computer-go.computer-go.org>
List-post: <mailto:computer-go@xxxxxxxxxxxxxxxxx>
List-subscribe: <http://hosting.midvalleyhosting.com/mailman/listinfo/computer-go>,<mailto:computer-go-request@xxxxxxxxxxxxxxxxx?subject=subscribe>
List-unsubscribe: <http://hosting.midvalleyhosting.com/mailman/listinfo/computer-go>,<mailto:computer-go-request@xxxxxxxxxxxxxxxxx?subject=unsubscribe>
References: <80.12e19575.2e4c1f25@xxxxxxxxxxxxxxxxx>
Reply-to: computer-go <computer-go@xxxxxxxxxxxxxxx>
Sender: computer-go-bounces@xxxxxxxxxxxxxxx
User-agent: Internet Messaging Program (IMP) 4.0-cvs

Quoting "Compgo123@xxxxxxxxxxxxxxxxx" <Compgo123@xxxxxxxxxxxxxxxxx>:
> I have one question. Does GTP pose any potential security problem in anyway?

I'd say so. All programs are processing data which has been received over a
network. If either the network or the program on the other side is
untrustworthy this is risky.

For example a program could theoretically try to create a buffer overflow error
in a computer go program by sending some suitable gtp command with a big amount
of data. These kind of errors could thereafter theoretically be used again to
get full user (shell) access to the system.

So, as with all I/O handling: verify all input to be correct or at least specify
upper limits to the amount of data to be processed!

Greetings,

PP

PS: this risk is somewhat limited if the go program is running in a java sandbox

_______________________________________________
computer-go mailing list
computer-go@xxxxxxxxxxxxxxxxx
http://www.computer-go.org/mailman/listinfo/computer-go/

Follow-Ups:
- Re: [computer-go] how to use GTP in place of GMP
  - From: Gunnar Farnebäck
- Re: [computer-go] how to use GTP in place of GMP
  - From: Don Dailey

References:
- Re: [computer-go] how to use GTP in place of GMP
  - From: Compgo123

Prev by Date: Re: [computer-go] how to use GTP in place of GMP
Next by Date: Re: [computer-go] how to use GTP in place of GMP
Previous by thread: Re: [computer-go] how to use GTP in place of GMP
Next by thread: Re: [computer-go] how to use GTP in place of GMP
Index(es):
- Date
- Thread