
Re: [minion-cvs] Add comment suggesting a solution for zlib bombing



[Sorry about the delay; I've spent Christmas away from reliable email.]

On Mon, 2002-12-23 at 15:07, Zooko wrote: 
> (From mixminion-cvs.)
>
> > Add comment suggesting a solution for zlib bombing
> 
> > +  The current code takes the following approach:  when delivering a
> > +  message, if the uncompressed size is over 20K, and the compression
> > +  ratio is >20, we do not uncompress the message, but instead deliver
> > +  it as-is, with a warning that it may be a zlib bomb.
> > +
> > +  Does that sound reasonable?  How about the parameters? -NM]
>
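
Review bot: the rule "if the uncompressed size is over 20K, and the compression ratio is >20, we do not uncompress the message" does not say how the uncompressed size is learned without uncompressing. Suggest stating in the comment that decompression is stopped once the output passes the limit, giving the unit for "20K", and defining the ratio as uncompressed size divided by compressed size.
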
> This means that if I use mixminion programmatically as a transport layer, I have 
> to check that my messages wouldn't trigger this defense, and if they do I send 
> them uncompressed, right?

I can think of two options:
     1. If you're using a specialized exit module (not SMTP), that exit 
        module can have its own anti-bombing defenses. [Most services
        that use Mixminion as a transport layer should probably do this;
        MMTP provides far better security guarantees than does SMTP.]
     2. You can precompress _all_ data before feeding it to Mixminion. 
        Mixminion will try to compress it a second time, but the
        compression factor will be very low. This might sound wasteful,
        but in practise it adds less than 0.7% to the cost of generating
        an 8-hop message.
     3. If you receive a message that you don't recognize as valid for
        your protocol, try uncompressing it.

The suggestion you give won't work: end-to-end compression is not
optional (because optional => partitionable.)

> What is the attack aimed at -- filling up the user's mailbox?  Too bad all MUA's 
> don't compress mailboxes.  :-)

Correct. 

> By the way, I use this Python module to zlib-uncompress while constraining the 
> memory used during decompression as well as the size of the result:
> 
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pyutil/pyutil_new/pyutil/zlibutil.py?rev=HEAD&content-type=text/vnd.viewcvs-markup

Cool; I'll check it out.

Yours, 
-- 
Nick Mathewson <nickm@alum.mit.edu>
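
The size/ratio rule from the quoted comment and option 2 above, as an added example that is not Mixminion's code and not part of this message: decompression is capped so the check itself cannot be bombed, and a precompressed payload passes the check. The names `bounded_uncompress` and `demo`, and reading "20K" as 20 * 1024 bytes, are assumptions.

```python
import zlib

MAX_SIZE = 20 * 1024  # "over 20K" in the quoted comment, read as bytes (assumption)
MAX_RATIO = 20        # "compression ratio is >20"

def bounded_uncompress(compressed, max_size=MAX_SIZE, max_ratio=MAX_RATIO):
    """Return (flagged, data).

    flagged is True when the output would exceed max_size AND max_ratio times
    the compressed length; data is then the input, untouched, for delivery
    as-is. Otherwise data is the uncompressed message.
    """
    # Both conditions hold exactly when output > max(max_size, ratio * input),
    # so inflating one byte past that bound is enough to decide.
    limit = max(max_size, max_ratio * len(compressed))
    inflater = zlib.decompressobj()
    out = inflater.decompress(compressed, limit + 1)  # output capped at limit + 1 bytes
    if len(out) > limit:
        return True, compressed
    if not inflater.eof:
        raise ValueError("truncated zlib stream")
    return False, out

def demo():
    # Constructed sample inputs.
    bomb = zlib.compress(b"\0" * 1_000_000)
    short = zlib.compress(b"hello world " * 100)  # ratio > 20 but only 1200 bytes
    payload = b"status=ok\n" * 10_000             # legitimate, highly compressible
    once = zlib.compress(payload)                 # compressed a single time
    twice = zlib.compress(once)                   # option 2: precompressed, then compressed again
    return {
        "bomb": bounded_uncompress(bomb)[0],
        "short": bounded_uncompress(short)[0],
        "compressible": bounded_uncompress(once)[0],
        "precompressed": bounded_uncompress(twice),
        "inner": once,
    }

if __name__ == "__main__":
    results = demo()
    for name in ("bomb", "short", "compressible"):
        print(name, "flagged" if results[name] else "delivered uncompressed")
    print("precompressed", "flagged" if results["precompressed"][0] else "delivered uncompressed")
```

The legitimate but highly compressible payload is flagged when compressed once, and passes when the application precompresses it, leaving the inner stream for the application to expand under its own limits.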