
Grammar: The Stuff of Exploits

Communicating clearly can be difficult.  Consider the following sentence:

The police officer and bandit pulled their triggers.  Shots were fired, and he went down.  He breathed his last breath.*

This sentence is a legitimate use of language; however, it is awkward because of an unclear antecedent.  Who shot whom in this sentence?  Did the police officer shoot the bandit?  Did the bandit shoot the police officer?  The reader is left to make up his/her own mind about how to handle this.

Written or spoken, clarity of language is accomplished by removing such ambiguities.

But I am not in the business of copy editing.  My job is to lie to computers and people, as a means to circumvent filters and exploit weakness.  Because people write software, it should be unsurprising that similar types of ambiguities can be used against applications.

Consider the following URL scheme**:

http://example.com;.coredump.cx/

If you use this URL in Internet Explorer you are taken to coredump.cx; if you use it in most other browsers you are taken to example.com.  This is because of the same type of issue we faced with our poorly written sentence.  It is perfectly valid syntax, however it is ambiguous as to intent and forces the reader (that is, the browser) to decide what was meant.
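The following is an added example and is not code from the original post or from Zalewski's book.  It shows the same URL read two ways: a strict RFC 3986 reading (the authority runs up to the first `/`, `?` or `#`, which is also what Python's `urllib.parse` does) and a deliberately lenient reading that treats `;` as a host boundary.  The lenient reader is a constructed stand-in for "a browser that decides differently", not a model of Internet Explorer's actual parsing logic.  The defensive point is `classify()`: a filter should not guess which reading a downstream client will pick; it should flag any URL whose authority does not fit the hostname grammar, because that is exactly where readers are free to disagree.

```python
import re
from urllib.parse import urlsplit

# RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen. Anything else (';', '@', spaces, ...)
# is outside the grammar and therefore open to interpretation.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def authority_strict(url: str) -> str:
    """RFC 3986 reading: after '//', the authority is everything up to the first
    '/', '?' or '#'. A ';' is not a delimiter here, so it stays inside the host."""
    if "//" not in url:
        return ""
    rest = url.split("//", 1)[1]
    return re.split(r"[/?#]", rest, 1)[0]


def host_strict(url: str) -> str:
    """Host under the strict reading (userinfo and port stripped).
    Cross-checked against the standard library's interpretation."""
    authority = authority_strict(url)
    host = authority.rsplit("@", 1)[-1]          # drop userinfo, if any
    if not host.startswith("["):                 # leave IPv6 literals alone
        host = host.split(":", 1)[0]             # drop port, if any
    host = host.lower()
    stdlib = urlsplit(url).hostname or ""
    assert host == stdlib, f"manual parse {host!r} != urlsplit {stdlib!r}"
    return host


def host_lenient(url: str) -> str:
    """Constructed lenient reading (NOT any real browser's algorithm): treat ';'
    as ending a host token and keep the last token that looks like a hostname."""
    authority = authority_strict(url).rsplit("@", 1)[-1].split(":", 1)[0]
    tokens = [t.strip(".") for t in authority.split(";")]
    tokens = [t for t in tokens if t]
    return (tokens[-1] if tokens else "").lower()


def classify(url: str) -> dict:
    """Defender's view of a URL: the two readings, whether they disagree, and
    whether the authority is even inside the hostname grammar."""
    strict = host_strict(url)
    lenient = host_lenient(url)
    well_formed = bool(HOSTNAME_RE.match(strict))
    return {
        "strict_host": strict,
        "lenient_host": lenient,
        "well_formed": well_formed,
        # Ambiguous if the readers disagree OR the host is outside the grammar;
        # a filter that allow-lists on strict_host alone would be fooled.
        "ambiguous": (strict != lenient) or not well_formed,
    }


if __name__ == "__main__":
    # Constructed sample inputs: the post's URL and an unambiguous control.
    for u in ("http://example.com;.coredump.cx/", "http://example.com/path"):
        print(u, classify(u))
```

A filter built on `classify()` would reject or normalise the first URL rather than deciding who it points at; any allow-list keyed on `strict_host` alone would pass `example.com;.coredump.cx` while a client using the other reading connects somewhere else.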

Languages support these types of clauses because, when used properly, they can be useful.  But when ambiguous situations arise, it is nearly impossible to make "the right" decision.  You can, at best, make a decision; but who can say whether it was a good one.

If you think you have it right, look back again at the first sentence.  Because of the way this information is presented, our mind is drawn into the assumption that the police officer and bandit shot each other.  But why?  In context, it is entirely possible that they both shot at someone else entirely.  When you add scope into the mix, context can change in radical and unpredictable ways.

This reality is horrible for anyone who is trying to identify "malicious" data.  You often don't know what is malicious until it is too late, and you can't exactly forbid language clauses that are useful.  This leaves lots of room to shuck and jive, often to your detriment.

Welcome to grammar.

-A

(I really am not a copy editor, nor do I have one.  If there are mistakes in this post, please be kind.)

* Example based on the book, “It was the best of sentences, it was the worst of sentences” by June Casagrande
** Example borrowed with permission from the amazing book, “Tangled Web” by Michal Zalewski

*** This is a Security Bloggers Network syndicated blog from @"figurative"; authored by pinvoke. Read the original post at: https://pinvoke.wordpress.com/2011/12/09/grammar-the-stuff-of-exploits/