IETF Logo Mail Archive

Re: [netmod] Use of unrestricted string in YANG (was RE: naming scope of a grouping which uses a grouping)

Andy Bierman <andy@yumaworks.com> Thu, 12 January 2023 15:08 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 454DFC1BE87F for <netmod@ietfa.amsl.com>; Thu, 12 Jan 2023 07:08:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pxueKBB_wkBI for <netmod@ietfa.amsl.com>; Thu, 12 Jan 2023 07:08:19 -0800 (PST)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7594BC1BE88D for <netmod@ietf.org>; Thu, 12 Jan 2023 07:08:19 -0800 (PST)
Received: by mail-lf1-x135.google.com with SMTP id v25so28809362lfe.12 for <netmod@ietf.org>; Thu, 12 Jan 2023 07:08:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WvUNTDZOPjQwnoNnlosPhBqAT1TBe7NcXjfd5f1aNek=; b=VyHmSuY70vBv9lqx2gsz6XoKD0Bccy+SqESJpF1Sf1BIA6b5+50YGaBktuI33Yn39+ pOQpXl60ItbB3hjNa+DDMY4dw71s0rwMnJYys2g3vzg0qeiI/KR0O5T33nfpMoE/HucC F6WIUTNafKpWe7BkawaUogEixMaq14llCQ+QPgfh3vfIJ8+Dsu7R2mF32wJLfnInkSOZ tDRIxqra3TK8pGx+Ov4DNO1Oa6ZgqJrSqJjBTf1dY5ILANE+qljN7YvLlqH1Rd0+cgbY 6L/ReR2jh0yOMaTAoGzkJ/bZMzqMy3w2Iqm8W9O3foSz6zS9giOELMcLVMKebuyJABoh BIMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WvUNTDZOPjQwnoNnlosPhBqAT1TBe7NcXjfd5f1aNek=; b=wfDiVHK19oAu/uF6tHo5RwQNrWJma5E5WHa3bwL4VaHb1OdwAFQQgmWeDqjEJpRvA/ VYrKF48UIwRQ02WL/etl0rmYJXukFdjronLrvWyNf9sfgXinhpDLUcvu2bXrdNkFklOG 96d+aXWdHB59nmt6w8kVkZ6uVjl36cSg4s40dwdELipfOk0h/gPjHKx7pKE4uwMRi+sH hI/pYugV5y9U+s/7+u844WdtnhLmilMVtikckMngUfnX6mDRkPUlXI5fKn9fMQ6sAALY 1thhPAvrRN7Zxmxy0HvJLkf0/AuSw0AFTBNqkPQZAD7yhkSYUVIPqZOFCjGcvfSThDHi 3wvA==
X-Gm-Message-State: AFqh2kpkLUJBaQ/43GLKQQhs61MifX5RIijdV3L9MQn7Tz0q1xDOvqZE NRZi7apmSNtb+yttNf3O9D5Rvphh0exNZg1d8Sa2lHWSPa9Yfg==
X-Google-Smtp-Source: AMrXdXuQjWZylF/A6kyG9sGnVj4RD2pw/wyNWzmpP5M+yUmTowMWw+mXUr+836LMMGnui6sVacw4tQSu66OZc1mvq8I=
X-Received: by 2002:a05:6512:2347:b0:4cb:4402:9543 with SMTP id p7-20020a056512234700b004cb44029543mr2723188lfu.614.1673536097579; Thu, 12 Jan 2023 07:08:17 -0800 (PST)
MIME-Version: 1.0
References: <cb2ab59f5e0f4142b7d7f2c23d8accba@huawei.com>
In-Reply-To: <cb2ab59f5e0f4142b7d7f2c23d8accba@huawei.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 12 Jan 2023 07:08:05 -0800
Message-ID: <CABCOCHSa2VAbrbhRDs60o5X6XjaoFZPAO1k3LkFNGXncf4E4wg@mail.gmail.com>
To: Italo Busi <Italo.Busi@huawei.com>
Cc: Martin Björklund <mbj+ietf@4668.se>, "ietfc@btconnect.com" <ietfc@btconnect.com>, "netmod@ietf.org" <netmod@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009d89dd05f2127cfb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/bUtTfR4s_8QS3pIcQ4nNfOiIuV0>
Subject: Re: [netmod] Use of unrestricted string in YANG (was RE: naming scope of a grouping which uses a grouping)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2023 15:08:23 -0000

On Thu, Jan 12, 2023 at 4:38 AM Italo Busi <Italo.Busi@huawei.com> wrote:

> I have seen the comment from Tom about the unrestricted string in YANG on
> other drafts in WG LC or WG adoption poll and I would like to understand
> what is the position of the Netmod WG on this issue
>
>
>
> Using unrestricted string is quite common practice in existing IETF
> standard YANG models, also as in key attributes (e.g., see RFC8343).
> However, the comments looks valid and it is worthwhile investigating it
> further
>
> From the previous discussion I have understood that Martin does not think
> this is an issue while Andy agrees with Tom …
>

Engineering is about trade-offs.
An unrestricted string provides complete flexibility, but at a cost.
It increases the cascading security vulnerabilities of the system.

The string length issue is only part of it.  It is harder to find buffer
overrun exploits
with a 64 byte string than with unrestricted length. The 'yang-identifier'
type is better
than plain string and still provides unlimited length.

Just because the escaped string is "safe" inside a NETCONF protocol message
does not mean it is safe to use in other tools. Data (especially list keys)
gets moved
between software programs. Unrestricted strings increase the risk of data
injection attacks.

Andy



>
> I have a mixed feeling about the resolution but I think this is something
> to be documented either in RFC7950 (update) or in RFC8407 (update)
>
>
>
> For integers, RFC7950 defines different built-in types for 8-bit, 16-bit
> and 64-bit integers, while for string there is only one type and the length
> sub-statement is optional
>
>
>
> While it is true that unrestricted strings can cause an implementation to
> run out of memory, it is also true that in some cases it is not trivial to
> define the maximum length for a string attribute
>
>
>
> Moreover, I am not sure whether restricting the strings would solve the
> out of memory: what happens if a huge YANG list is configured?
>
>
>
> What is your view/opinion about using the string type in IETF standard
> YANG models?
>
>
>
> Thanks, Italo
>
>
>
> *From:* Andy Bierman <andy@yumaworks.com>
> *Sent:* mercoledì 21 dicembre 2022 00:30
> *To:* Martin Björklund <mbj+ietf@4668.se>
> *Cc:* ietfc@btconnect.com; netmod@ietf.org
> *Subject:* Re: [netmod] naming scope of a grouping which uses a grouping
>
>
>
>
>
>
>
> On Mon, Dec 19, 2022 at 5:15 AM Martin Björklund <mbj+ietf@4668.se> wrote:
>
> tom petch <ietfc@btconnect.com> wrote:
> > From: Martin Björklund <mbj+ietf@4668.se>
> > Sent: 19 December 2022 12:18
> > To: tom petch
> >
> > tom petch <ietfc@btconnect.com> wrote:
> > > draft-ietf-opsawg-sap-12
> > > defines a grouping sap-list which uses grouping sap-entry.  The
> groupings are intended for import by service specific modules.  The uses
> does not include a prefix; should it?
> >
> > From a YANG perspective this is correct.  Since it references a
> > grouping in the local module, the prefix is optional.
> >
> > <tp>
> > But it will not be the local module when it is used in other modules
> which is the only reason it is a grou[ing
>
> It doesn't matter how sap-list is used; it is well-defined in the
> module ietf-sap-ntw.  See section 5.4 in RFC 7950.
>
>
> /martin
>
>
> >
> > module ietf-sap-vpn
> >  prefix sap-vpn
> > import ietf-sap-ntw
> >  prefix sap
> > container sap-l2vpn
> >
> > list l2vpn-service
> >  uses sap:sap-list
> > .....
> >
> > Does it need to know where to find sap-entry which sap-list 'uses'
> without a prefix?
> >
> > Tom Petch
> >
> > > The module also has my favourite YANG construct, an unrestricted
> string as a YANG key.
> >
> > I don't think that this is a problem.  Or rather, if the theory is
> > that we need to have restricted length on strings b/c otherwise an
> > implementation may run out memory, then I don't think this solves that
> > problem.  But perhaps there is some other reason?
> >
>
>
>
> There is an argument to be made that it is better to pick a reasonable
> length
>
> and a reasonable character set for an administrative string (going back to
> SnmpAdminString)
>
> That way, every implementation MUST support the same set of strings
> (modulo resource errors).
>
>
>
> I have the same reaction as Tom when I see 'string' as a key.
>
> Really? The server accepts zero-length identifiers, all-whitespace
> identifiers, and much worse...
>
> Probably not.
>
>
>
>
> >
> > /martin
>
>
>
>
>
> Andy
>
>
>
> >
> > >
> > > Copying Martin as he performed a YANG Doctor review earlier in 2022.
> > >
> > > Tom Petch
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>
>

v2.23.0 | Report a Bug | By Email