CS338 Computer Security
Wednesday, 5 November 2025

+ Rest of the term, recap
  - Project (due Nov 12)
  - Misc. in-class labs
  - Takehome due: part 1, 11:59PM, Nov 19; part 2, 5:00PM, Nov 24
  - What's your preference?
    - Two-part exam (part 1 Nov 19, part 2 Nov 24)
    - One-longer-part exam (Nov 19)

+ My favorite podcast
  - Risky Business, risky.biz

+ ffmpeg story
  - https://techcrunch.com/2025/08/04/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities/

+ Injection attacks, part 1: command injection
  - http://danger.jeffondich.com/imagelist1.php
  - http://danger.jeffondich.com/imagelist2.php
  - What do I think the code looks like?
    ...
    system("ls -l uploadedimages/*." . $_REQUEST['extension']);
    ...
  - Fundamental problem
    - You can't trust user-provided data
    - Need to "sanitize" it or analyze it before using it for other purposes (especially if user-provided data becomes part of command execution)
  - Possible solutions
    - Eliminate shell-special characters (like ;); maybe there's a PHP library function that does this well
    - Restrict the possible inputs to a fixed set
      - Quite reliable, but hard to maintain
    - Does the server-side programming language have tools to help you?

+ Starter list of "how to write secure code"
  - Ask Claude what it thinks
  - Sanitize all input (a.k.a. Trust No One)
    - this is hard
    - library functions exist
    - (sometimes) restrict to fixed set of valid inputs
    - ...
  - Give every portion of your code the minimal authority it needs to do its job
    - For networked services, make sure e.g. that your web server has no more permissions than it needs, and in general, don't give software any more authority than it requires to do its job ("zero trust")
    - ...

+ Think about similar issues with privacy
  ...
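The three "possible solutions" above, worked through in PHP as an added example (this is not the code behind imagelist1.php or imagelist2.php, which the notes only guess at). The directory name uploadedimages comes from the notes; the allowed-extension list, the function names and the use of shell_exec() in place of system() are assumptions. escapeshellarg() is the real PHP library function the notes speculate about; glob() is the "tool in the language" that lets you avoid a shell altogether.

```php
<?php
// Added example, not code from the lecture: the guessed vulnerable pattern
// next to three hardened alternatives. "uploadedimages" is from the notes;
// ALLOWED_EXTENSIONS and the function names are assumptions.

// VULNERABLE: the request parameter is pasted straight into a shell command,
// so shell metacharacters in it change what the shell runs, not just which
// files get listed.
function list_images_unsafe(string $extension): string
{
    return (string) shell_exec("ls -l uploadedimages/*." . $extension);
}

// Fix 1: restrict the input to a fixed set of known-good values. Reliable,
// but the list has to be maintained as the application changes.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

function validate_extension(string $extension): string
{
    // Strict comparison: types must agree, so "0" or a numeric string
    // cannot loosely match an entry.
    if (!in_array($extension, ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('unsupported extension');
    }
    return $extension;
}

// Fix 2: if a shell command is unavoidable, hand the value to the shell as a
// single quoted argument. escapeshellarg() does the quoting; the unquoted "*"
// still globs while the quoted extension is taken literally by the shell.
function list_images_escaped(string $extension): string
{
    return (string) shell_exec("ls -l uploadedimages/*." . escapeshellarg($extension));
}

// Fix 3 (preferred): don't involve a shell at all. glob() needs no command
// interpreter, so there is no command to inject into; the allowlist check
// additionally keeps glob metacharacters such as "*" out of the pattern.
function list_images_no_shell(string $extension): array
{
    $ext = validate_extension($extension);
    $files = glob("uploadedimages/*." . $ext) ?: [];
    return array_map(fn(string $f) => [
        'name'  => basename($f),
        'size'  => filesize($f),
        'mtime' => date('c', filemtime($f)),
    ], $files);
}

// Usage: the request parameter is validated before any use, and a bad
// value produces a 400 instead of reaching a command interpreter.
$extension = $_REQUEST['extension'] ?? 'jpg';
try {
    foreach (list_images_no_shell($extension) as $row) {
        printf("%-30s %10d %s\n", $row['name'], $row['size'], $row['mtime']);
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo "bad extension\n";
}
```

Fix 1 and Fix 2 can be combined when a shell really is required, but the ordering of preference is the point: the allowlist decides what values are acceptable at all, escaping only decides how the shell parses an accepted value, and removing the shell removes the parsing step entirely. Running the web server itself with no more file-system authority than it needs (the "minimal authority" item in the starter list) limits what even a missed case could reach.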