[cl-store-devel] On the security of cl-store
Alex Mizrahi
alex.mizrahi at gmail.com
Sun Mar 7 19:20:12 UTC 2010
SR> To my knowledge the only other vulnerabilities would revolve
SR> around uses of eval, read or read-from-string which cl-store
If denial-of-service (e.g. crashing the lisp server) qualifies as a successful
attack, the spectrum of issues to deal with is much larger. Perhaps the simplest
way to DoS the server is to force it to use large quantities of memory, so it would
start thrashing and eventually collapse. As I understand, with the cl-store
binary format the output is proportional to the serialized input and can't be much
larger. So, to start with, one can simply reject messages which are too long.

A more sophisticated strategy is to make the server leak memory. For example,
force it to intern new symbols in each packet; then the packets will be small,
but with each packet the server will leak some memory. The obvious fix to this
problem is to forbid interning new symbols.

Finally, one can DoS the server by putting it into an infinite loop. This can be
achieved by sending a cyclical data structure where the server code expects a
simple one. Then iteration or recursive traversal will either hang in an
infinite loop or cause a stack overflow.
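The three mitigations the message sketches (cap the packet size before decoding, resolve symbol names without interning, and walk deserialized data with cycle detection) as an added Common Lisp example. This is not code from the original post or from cl-store; it uses only the standard library, and the packet size limit, the package name and the sample inputs are constructed assumptions. In a real server the size check would run before `cl-store:restore` is called on the packet, and the walker would run over whatever `restore` returns before the server's own code traverses it.

```lisp
;;; Added example, not part of the original post or of cl-store.
;;; Defensive checks for the three DoS vectors discussed in the thread.

(defpackage :untrusted-input-demo (:use :cl))
(in-package :untrusted-input-demo)

(defparameter *max-packet-octets* 65536
  "Assumed upper bound on one serialized packet (constructed value).")

;;; 1. Reject oversized packets before any decoding work is done.  Because
;;; the serialized size grows with the object graph, this bounds how much
;;; memory a single packet can make the server allocate.
(defun check-packet-size (octets)
  (when (> (length octets) *max-packet-octets*)
    (error "packet of ~D octets exceeds the limit of ~D"
           (length octets) *max-packet-octets*))
  octets)

;;; 2. Resolve a symbol name without interning.  FIND-SYMBOL never creates a
;;; symbol, so a stream of fresh names cannot grow the image; unknown names
;;; are rejected instead.  Tighten to (eq status :external) if only the
;;; package's exported symbols should be accepted.
(defun resolve-symbol (name package)
  (multiple-value-bind (symbol status) (find-symbol name package)
    (unless status
      (error "refusing to intern unknown symbol ~S in ~A"
             name (package-name package)))
    symbol))

;;; 3. Walk an object graph with an EQ hash table that records whether each
;;; cons/vector is still being visited (:visiting) or finished (:done).
;;; Reaching a :visiting node again means a cycle; reaching a :done node
;;; means ordinary shared substructure, which is allowed.  List spines are
;;; iterated rather than recursed so a long flat list cannot blow the stack.
;;; Returns the number of distinct conses and non-string vectors seen.
(defun count-nodes-acyclic (object)
  (let ((state (make-hash-table :test #'eq))
        (count 0))
    (labels ((enter (node)
               ;; T if NODE is new and must be walked, NIL if already finished.
               ;; The node itself is deliberately not printed: printing a
               ;; circular structure with *PRINT-CIRCLE* NIL would hang too.
               (case (gethash node state)
                 (:visiting (error "cyclic structure detected"))
                 (:done nil)
                 (t (setf (gethash node state) :visiting)
                    (incf count)
                    t)))
             (walk (node)
               (cond ((consp node)
                      (let ((spine '()) (tail node))
                        (loop while (and (consp tail) (enter tail))
                              do (push tail spine)
                                 (walk (car tail))
                                 (setf tail (cdr tail)))
                        ;; a dotted tail is an atom; walk it in case it is a vector
                        (unless (consp tail) (walk tail))
                        (dolist (c spine) (setf (gethash c state) :done))))
                     ((and (vectorp node) (not (stringp node)))
                      (when (enter node)
                        (loop for element across node do (walk element))
                        (setf (gethash node state) :done)))
                     (t nil))))
      (walk object)
      count)))

(defun demo ()
  "Constructed inputs: a list with shared substructure, a circular list,
an unknown symbol name and a known one."
  (let* ((shared (list 1 2))
         (dag (list shared shared))
         (cyclic (list 1 2 3)))
    (setf (cdr (last cyclic)) cyclic)          ; close the loop
    (list (count-nodes-acyclic dag)
          (handler-case (count-nodes-acyclic cyclic)
            (error () :cycle-rejected))
          (handler-case (resolve-symbol "NO-SUCH-SYMBOL" (find-package :cl))
            (error () :intern-refused))
          (resolve-symbol "CAR" (find-package :cl))
          (length (check-packet-size (make-array 16 :element-type '(unsigned-byte 8)))))))
```

The walker is the part server code most often gets wrong: marking nodes merely as "seen" would reject legitimate shared substructure, so the example keeps a visiting/done distinction, and it avoids printing the offending node in the error message because the printer would loop on it as well. Note that cl-store itself handles circular references in its own format (see its `*check-for-circs*` setting); the walker above is for the server's own traversal of the restored data, which is where the message places the hang.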