Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <55328F53.1070705@gmx.de>
Date: Sat, 18 Apr 2015 19:07:31 +0200
From: Harald Becker <ralda@....de>
To: musl@...ts.openwall.com
CC: Matt Johnston <matt@....asn.au>
Subject: Re: Re: Security advisory for musl libc - stack-based buffer
 overflow in ipv6 literal parsing [CVE-2015-1817]


On 18.04.2015 18:37, Rich Felker wrote:
>> @Rich: I still get DNS error (Mozilla Thunderbird) for
>> dalias@...c.org, when tying to send mail :(
>
> Odd. I just verified that Google's 8.8.8.8 resolves it right, so I
> don't know what's wrong, but it seems to be on your end. Let me know
> if you find anything that looks like a problem on my side.

AFAIK, you use a CNAME as MX, which is resolved on some, but not all 
systems / programs. You need to add an absolute IP address for your MX, 
not a CNAME, to be accessible for all.

A-record lookup is ok (resolved recursive), but MX lookup fails (doesn't 
do recursive lookup everywhere).


>> On 18.04.2015 17:58, Rich Felker wrote:
> Well anything that gets code execution in the dropbear session process
> would be able to steal the key still. The only added protection you'd
> get is is against heartbleed-type attacks (arbitrary memory read but
> no code exeution).

ACK, ... isn't that bad, to protect against that kind of key steeling, 
with a very simple solution, and no need to further code restructuring?

IMO it is a quick intermediate solution, until someone may be able to 
restructure key creation code, still giving the possibility to let 
dropbear drop root privileges completely (except pty/utmp question).


>> So consider my suggestion a simpler to implement solution, in
>> between having full root privileges or hanging keys in memory, and
>> an external process to do the rekey steps (in addition: with the
>> possibility to let that process use the dropbear group and not root
>> to access keys - even better than let that process hang around as
>> root)
>
> If this external process is setuid/setgid, I consider that a much
> bigger vuln.

Just to mention: My statement 'separate process' doesn't included or 
intended a separate suid/sgid program.


> It would have to somehow verify that it's being invoked
> by a valid dropbear session process and not some other caller that
> just wants to use it to steal keys/forge key negotiations, and you
> have all the usual issues with setuid programs having to be defensive
> about the state they inherit when invoked.

I didn't think of an exec to a separate program, but just fork and let a 
process for key management run in the back. So a bit simpler to verify 
authentication of caller, but still somehow required ... or what else 
did you suggest?


> If on the other hand the session process just kept gid=dropbear to
> open and reload the key, it wouldn't be so bad.

That's it, the key creator part doesn't need root privileges for it's 
operation either. That is just a combination of the two approaches.

Harald

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.