Slashdot Mirror


Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com)

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching a critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible.

6 of 50 comments

  1. A new twist on term 'open source' by TheZeitgeist · Score: 5, Funny

    Apparently, the source is open more ways than one.

  2. How outrageous by Billly+Gates · Score: 4, Funny

    Drupal and php are so well secured and up to date that this can happen is simply inconceivable

    1. Re:How outrageous by Narcocide · Score: 3, Funny

      Drupal and php are so well secured and up to date that this can happen is simply inconceivable

      You keep using that word... I do not think it means what you think it means.

  3. Where are the sandboxes? by goombah99 · Score: 4, Insightful

    Why don't developers just write code that doesn't have security holes in it?

    Presumably because they can't. It's time we started programming computer resource sandboxes into every application by default.

    Linux, Mac, and Windows all have things for this. Macs have a dtrace-based sandbox that can be per application or per process.

    Sandboxes can specify what a process and all child processes can do at the computer resource level. Can they get on the network? Can they access the file system? What files can they access? Do they have write permission? How much memory can they use? How much CPU? And so on.

    If we always launched processes with these clamped down, a lot of security holes would not be exploitable. Why is it these are largely unused?

    --
    Some drink at the fountain of knowledge. Others just gargle.

  4. Re:Failure has 1000 mothers by hierofalcon · Score: 2

    The problem is that with every major release they completely revamp the API. Nobody who develops for them can keep up with the changes and there's no automated way that works to upgrade source from release to release. If you choose to use a module because there isn't something you need in core, then you're stuck till the module gets converted to the newest release which may never happen. Eventually, your mind just screams.

    The path to secure code isn't rewriting everything from the ground up with each release. I know that's an exaggeration, but it sure seems like it. The path to secure code is to get things close to right the first time and then do minor tweaks and fixes from then on.

  5. I guess your imagination is limited by goombah99 · Score: 2

    To try to answer your ridicule patiently, imagine the following. A program running in a sandbox without database access handles the requests and then sends messages to other processes in each of the other sandboxes for the various sub tasks.

    * The customer database verification
    * Backend accounts/card processing interface to process and record sales
    etc..

    The verification is only permitted to set a semaphore (true/false) to communicate the verification back to the master process.

    And so on. Every process is given limited resource access and very limited communication access to another process. As much as possible the communications are handled through single duplex dead drops (like a semaphore).

    This would massively cut down the ways to exploit a defect in one subsystem.

    It's analogous to validating your inputs but much better because the program literally lacks the resources to perform most invalid actions even if the input validation fails.

    --
    Some drink at the fountain of knowledge. Others just gargle.
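The split sketched in comments 3 and 5 (a request handler with no database access, a verifier that can read the database but can only signal one bit back, and resource limits clamped so a compromised verifier cannot reach files or the network) as an added illustration that is not the commenter's code. It assumes Linux and Python 3; the customer database is a constructed in-memory dict, and the "sandbox" is the process's own RLIMIT_NOFILE set to zero, which makes every new open()/socket() fail while the already-open dead-drop pipe keeps working.

```python
import os
import resource
import socket

# Constructed stand-in for the customer database; only the forked
# verifier ever reads it, the request handler never holds a handle.
CUSTOMER_DB = {"alice": "active", "bob": "suspended"}


def enter_sandbox():
    """Clamp the calling process: with RLIMIT_NOFILE at zero, any new
    file, socket or pipe descriptor fails with EMFILE, but descriptors
    opened before the clamp (our pipe) remain usable. A one-second CPU
    cap bounds what a runaway worker can burn."""
    resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
    resource.setrlimit(resource.RLIMIT_CPU, (1, 1))


def run_dead_drop(task):
    """Fork a worker, sandbox it, run task() inside it and accept exactly
    one byte back. Anything but b"\\x01" (including a worker that died
    and wrote nothing, or one that wrote more) counts as False, so the
    channel fails closed."""
    rd, wr = os.pipe()
    pid = os.fork()
    if pid == 0:                      # worker side
        os.close(rd)
        try:
            enter_sandbox()
            reply = b"\x01" if task() else b"\x00"
        except Exception:
            reply = b"\x00"
        os.write(wr, reply)
        os._exit(0)
    os.close(wr)                      # handler side
    reply = os.read(rd, 2)            # read 2 so a chatty worker is caught
    os.close(rd)
    os.waitpid(pid, 0)
    return reply == b"\x01"


def verify_customer(customer_id):
    """Request handler: asks the sandboxed verifier and gets one bit."""
    return run_dead_drop(lambda: CUSTOMER_DB.get(customer_id) == "active")


def sandbox_blocks_new_resources():
    """Probe, from inside the sandbox, that neither a file nor a socket
    can be opened; True means both attempts were refused."""
    def probe():
        refused = 0
        for attempt in (lambda: open(os.devnull), socket.socket):
            try:
                attempt()
            except OSError:
                refused += 1
        return refused == 2
    return run_dead_drop(probe)
```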