[zeromq-dev] Vulnerability of devices to incoming messages

Brian Granger ellisonbg at gmail.com
Thu Aug 12 00:13:23 CEST 2010

On Wed, Aug 11, 2010 at 3:01 PM, Pieter Hintjens <ph at imatix.com> wrote:

> On Wed, Aug 11, 2010 at 11:49 PM, Brian Granger <ellisonbg at gmail.com>
> wrote:
> > I think the core question that this bug brings up is the following:
> > In what situations do we want a 0MQ process to crash?
> > Here is my simple answer:  never
> Here's my view.
> Processes should be as vulnerable as possible to internal errors, and
> as robust as possible against external attacks and errors.  To give an
> analogy, a living cell will self-destruct if it detects a single
> internal error, yet it will resist attack from the outside by all
> means possible.
This is a very nice way of putting it!

> Assertions are absolutely vital to robust code, they just have to be
> on the right side of the cellular wall.  (And there should be such a
> wall, if it's unclear whether a fault is internal or external, the
> design is broken IMO.)
Yes, and I think the current issue is on the wrong side of the wall.

> It definitely seems more useful that zmq_send() returns an error
> rather than silently dropping a message it can't process, and I'll
> take a look at that tomorrow.  It needs Sustrik's input, he presumably
> has some reason for the current strategy.
I think I agree with this, but maybe there is a reason it can't be done

Cheers and thanks for your help on this one.



> -Pieter

Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgranger at calpoly.edu
ellisonbg at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20100811/e8fccb34/attachment.htm>

More information about the zeromq-dev mailing list