Summary and experiences of Security Vulnerabilities (1)

Source: Internet
Author: User

Reprinted; when reprinting, please credit the source: Knownsec (知道创宇).

Security Vulnerabilities and bugs
A bug is behaviour that arises because something was not fully considered, or was implemented incorrectly, while a program was being designed and developed. As a result, the program runs in a way, or reaches a state, that the developer did not expect. Security vulnerabilities are a special form of bug.
A security vulnerability can be defined as follows: a bug that allows a program to be executed in an unexpected manner, and that allows whoever triggers it to gain execution or processing capabilities that their user role is not permitted, is a security vulnerability.


Security vulnerabilities are tied to the role permissions and role definitions of the specific application or system.

For example, consider a denial-of-service vulnerability. The user who triggers it should only be able to affect their own use of the system, yet it affects other users' use of the system. It is a security vulnerability because it breaks through that user's capabilities and permissions. (However, if the vulnerability can only be triggered by a user who already holds the permission to affect other users' use of the system, for instance if it must be initiated by the system administrator of the affected system and can only affect other users of that same system, it cannot be considered a security vulnerability.)

Second, the restrictions that the application environment places on a role's permissions and capabilities must also be considered. An IME (input method editor) host process crashing because special keys were entered is, in most cases, only a bug. But on a system protected by interactive-session lockdown software, such as one in an Internet cafe, it is a security vulnerability.
Essentially, under many applications the different roles are the same system user and have the same permissions and capabilities at the system level. The Internet cafe protection application, however, distinguishes roles: one role is allowed interactive access to the system, and the other is allowed only to access online games. This bug can shut down the protection application, breaking through the limits on the original role's capabilities, and so it becomes a security vulnerability.
Applications that divide roles on top of a single system user's permissions, and rely on the application itself to enforce that division, are inherently insecure, because it is difficult for an ordinary application to completely plan, design and check user permissions. On the other hand, the system itself cannot manage many fine-grained details of permissions, so such applications exist on a large scale. It is therefore often hard to separate vulnerabilities cleanly from bugs; the application's own limits on role permissions and capabilities must also be taken into account.

Most security vulnerabilities are bugs: they are behaviours that the designers or developers did not expect.

However, some security vulnerabilities that stem from insecurely designed functionality may not be bugs, because the behaviour is exactly what the designers and developers intended; they simply did not consider the security risks that such behaviour brings, or they intentionally left a backdoor.

PS: Every system has a division of roles and user rights, some explicit and some implicit. For example, the party that remotely launches a SYN flood denial-of-service attack is, from the system's point of view, an unauthenticated user making anonymous requests. Such a user's ability should be limited to initiating requests, without affecting other users. By launching the attack, however, the user gains the ability (permission) to prevent other legitimate users from using the system, which is a security problem.
