The Lazy Programmer’s Guide to Secure Computing

small summary writeup:

• how to write secure code in an imperfect world
• code patterns for “principle of least authority” (POLA)a sharp razor (to much authority: you get abuse, to few authority: you don’t get your job done)
• security and POLA in the mail envelope, every security principle serves another purpose as well
• the OO paradigm could serve as a good security paradigm, too
• most languages break the security properties of OO (e.g. by allowing stack access)
• for various languages there are tools which fix these language problems and filter your code, thus enforcing OO security properties (e.g. Caja by Google and Yahoo for javascript, Joe-E for java, Emily for Ocaml)
• how could these patterns be transported into distributed systems, the web? implementations: waterken server / web-key
• with these patterns in action, a web-money protocol can be implemented in about 30LOC Java
• if POLA is used in larger OO software systems, you achive ultra-deep security in depth
• with POLA, the attack-tree risk-combining operation changes from OR to AND, thus the economics of security change
  • when extending code, you mostly add unpriviledged code
  • meanwhile you fix problems in the priviledged code
  • thus, over time code becomes more secure instead of less secure
• we should use memory-safe OO languages and POLA principles

One of the main advantages of Gentoo Linux is the availability of the hardened profile and kernel. The hardened profile enables a number of switches and features which, together with the hardened kernel (PaX and grsecurity patchset), provide a system with full address space layout randomization (ASLR) and stack-smashing protection (SSP). ASLR requires a kernel patch, called PaX, and all binaries to be built as position independent executables/code (PIE/PIC). SSP, also known as cannaries, is a pure compiler-feature.

Now the old GCC 3.4.6 series had this feature (coming from an old IBM patch called ProPolice). But the current stable compiler on Gentoo, GCC 4.3.4 doesn’t have it anymore. This means, current stable Gentoo-hardened systems are built without SSP.

How could we fix that? Using gcc 3.4.6 will most likely break a number of things, so it’s not really an option. But GCC 4.4.2 has a new SSP feature. It’s a totally new implementation of the same idea. But 4.4.2 is not on by default.

To use GCC 4.4.2 and with it SSP on Gentoo-hardened, you have to import the hardened-dev overlay (layman -a hardened-development). Then you have to unmask =sys-devel/gcc-4.4.2-r2 in /etc/portage/package.unmask and install it. It will be put into a new slot (4.4), so it doesn’t overwrite the old gcc by default. When it’s compiled, you can enable it with gcc-config.

After there were mostly positive reports on the gentoo-hardened mailinglist, I just did that on my home-box. The complete re-build of the system with the new gcc is currently running. I’m confident that nothing breaks.

So if you have a server-box with hardened, I’d suggest you do the same and switch over to the new GCC in the hardened-dev overlay. It seems to work well for most people and packages. If you have a server-box without an ASLR kernel/system, aka not Gentoo-hardened, I’d suggest you do something about it anyway. I mean even Windows has it (since XP SP2).

As you might know, my blog/cms solution is a heavily outdated Joomla/Wordpress combo. I already found an XSS attack by myself. But I guess there are at least a hundred remote code executions in the wordpress components (although not directly exposed), not to speak of the ancient Joomla software. And all that is f*cking PHP code!!!11 ;)

Now, how do you run outdated and insecure PHP code?
Put simply: You don’t!

And that’s exactly what I inteded to do. But at the same time I also was not to keen to migrate all the content to a new cms/blog platform. So what could I do? Well, I just took it offline — and moved the PHP code and the database to a local box. What you see here, is a httrack-mirror of the dynamic page, together with a tiny hack for the RSS/Atom feed. I have a small script that ftps the locally generated httrack image on my website. Ahhh, no more unprotected credentials and login forms, no more sessions, no more cookies, just plain static http.

Now I’m back in the good old 90s. But at least I don’t have to worry anymore :)

(The comment-function was used rarely anyway and I got a lot of spam to filter every day. Getting rid of the dynamic functions is not to huge a loss for me, I think.)

Now that I have this rolled out, I also think, that this is a solution for a lot of other old websites. So if you’ve got one lying around with code you don’t really want to run anymore but with content you might still want, just put it through httrack. It feels a bit like rendering a vector image into a bitmap. Having as few code on the servers as possible, definitely helps reducing your attack vectors.

As much as I don’t like the products of his former company, in this talk at TED he has a point I can agree with: To overcome the nearly inevitable, we need a “miracle” and this miracle has to come from research and economics. We have to find some technology that solves the energy crisis, is very cheap and doesn’t produce CO2. I don’t necessarily agree with his proposed technology, but the basic idea, I think, is correct. And, we need to invent this technology in the next 40 years. It worked with the Manhattan Projekt, it worked with the Apollo Program, it could work here, too. Industry won’t do it on it’s own, because an investment in such a projekt is a huge risk and will bring a lot of sunken costs uppon failure. The state is clearly needed here (as for any investment with huge fixed costs). But then just why don’t our governments spend more on education and research in this area?

well, it seems my blog destroys even armored keys.
I guess you’ll find it on the servers, the fingerprint is:
1515 1500 8CC3 CE35 52CD C7BD DAE1 1BBD 410E 04AF
key-id is, ofcourse : 410E04AF

Adobe is not amused (via Golem). Apple hat nämlich weder im iPhone, noch im iPad Support für Flash eingebaut. Das hat bestimmt auch technische Gründe (läuft einfach nicht auf ARM). Viel wichtiger sind jedoch, glaube ich, die politisch/ökonomischen. Wenn Web-Entwickler ihren Content auch auf iPad und iPhone ausliefern wollen, dann müssen sie etwas benutzen, was nicht Flash ist. Web-Entwickler sind nun eine Horde von Leuten, die völlig unkontrolliert jedoch einer gewissen kollektiven Kultur unterliegen. Der echte Web-Entwickler mag Dinge die schön sind. Dazu gehört auch schöner HTML/CSS Code, der sich an W3C Standards hält (jeder flucht über IE). Apple Produkte sind schön, deshalb mögen Web-Entwickler oft auch Apple Produkte. Apple hat also die Web-Entwickler hinter sich und deshalb können sie sich das auch erlauben.

Was wird passieren? Millionen von Web-Entwicklern werden zu ihren Chefs gehen und sagen: Wir müssen aber auch iPad und iPhone unterstützen. Und immer wenn Chefs iPhone oder iPad hören, bekommen sie $$$-Zeichen in den Augen. Also stimmen die Chefs zu und wir kriegen Content jetzt auch W3C konform ausgeliefert.

Das wiederum wird dafür sorgen, dass Browser die W3C Standards besser unterstützen. Das wiederum wird für mehr W3C-embedded Content sorgen. Das Ganze nennt man “virtous cycle”. Das Gegenteil wäre der “vicious cycle”.

Ich glaube wir sind Flash innerhalb von zwei Jahren los.

Endlich!

Völlig anlasslos, möchte ich diesem kleinen aber treffenden Beitrag beipflichten. Auf dass sich alle Leser noch einmal überlegen ob sie Äpfel wirklich kaufen mögen.

Same game again. Not all my boxes have tv-cards to leach entropy from, so I needed some other source. The soundcard comes into mind quickly, and every box has a soundcard nowadays. The existing audio_entropyd once again wasn’t useful, because what it produced didn’t survive the FIPS-140-2 tests (aka wasn’t really random at all on my box). I then went on reimplementing the exact same algorithm it uses in python with pyaudio to take a closer look on the data. When I dumped the output of this algorithm into a file, I could even see patterns in hexdump of that file. strange. Well, there must be some randomness, so I went on implementing a different algorithm. It also records stereo audio and then looks at the upper bit (0×0001) in the samples. If this bit is different on both channels and the current two stereo samples are different from the last two, it records that as an entropy bit (you can argue about that, though - afaik randomsound uses the same mechanism). To add some more confidence in the entropy, it then XORs 64kbit of entropy into a 4kbit block. This way, it’s getting around 3kbit/s of entropy out of the soundcard.

download sourcecode

README:

Python Audio Entropy Daemon v0.0.1 (works on my machine)
(c) 2010 by Kai Dietrich

Inspired by audio_entropyd by Folker Vanheusden
http://www.vanheusden.com/aed/
and randomsound by Daniel Silverstone
http://www.digital-scurf.org/software/randomsound

This software is Licensed under the
GNU General Public License 2.0 or later.

System Requirements:
--------------------
Python 2.6
PyAudio 0.2.3
a soundcard with line or mic in
optional: rng-tools / rngd

What it does:
-------------
Pyaed records samples from an audio input device, extracts some noise/entropy
and writes it to a fifo.

Pyaed opens the default audio input device pyaudio finds and records frames
(44.1kHz, 16bit, stereo). It looks at the highes bit (0x0001) in the samples from each channel.
If these bits differ and the samples are different from the last (to ignore constant signals),
a bit of entropy is recorded. To increase the qualitiy of randomness, it then compresses 64kbit of
entropy into 4kbit by XORing the bits. It then writes the bits into a fifo.
You can then attach rngd from the rnd-tools to this fifo (rngd -f -r entropy.fifo).
rngd will test the noise with a FIPS 140-2 test for it's statistical randomness
and delivers the bits to the kernel entropy buffer.

It does not work, what can I do?
--------------------------------
a) read the code (it's not that much)
b) fix the code
c) Play around with alsamixer to get noise on the default input device,
   turn up boosts and input levels until you get levels around 50%. If you want to, you can even put
   in a stereo mic to get noise from the air and not just the electromagnetic noise from the ADC.

How can I enhance the code?
---------------------------
Just do it. If you like this tool, you can just set up a project somewhere
and start collecting improvements. For me this was just some fire-and-forget
single-task code.

Well, what do computer scientists do, when they are bored? They toy around with cryptography.
For some reason I didn’t get video_entropyd to run (it would throw v4l errors and segfault), but I desperately need entropy. Now what I came up with is a quick python script which does essentially the same thing, but with much more dependencies and high-level scripting languages. Also I just grab video frames from the TV-card with pygame.camera, extract the entropy and write it to a fifo. All the communication with the kernel then does rngd from the rng-tools. It picks up the bits, checks if they are really random and only then puts them into the kernel. All in all I have a solution, which (according to rngd) generates about 80MiBit/s of entropy from a good old Bt878 receiver. Im quite satisfied :)

update: it turned out, that was only a number which resulted from reading and writing in chunks. The long run performance is 8kbit/s of entropy.

download source code

Python Video Entropy Daemon v0.0.1 (works on my machine)
(c) 2010 by Kai Dietrich

Inspired by video_entropyd by Folker Vanheusden,
The main part actually is just a python version of Folkers code.
http://www.vanheusden.com/ved/

This software is Licensed under the
GNU General Public License 2.0 or later.

System Requirements:
--------------------
Python 2.6
PyGame 1.9.1
a video4linux device
optional: rng-tools / rngd

What it does:
-------------
Pyved records frames from a video4linux device, extracts the noise/entropy
and writes it to a fifo.

Pyved opens the first video4linux device it finds and records frames (720x576, RGB).
If it finds the kernel entropy pool to be empty it starts extracting noise
from two successive frames. Every uncorrellated change in one of the three color
channels is considered to be a bit of physical randomness and written to
the fifo "entropy.fifo". You can then attach rngd from the rnd-tools to this
fifo (rngd -f -r entropy.fifo). rngd will test the noise with a FIPS 140-2 test for it's
statistical randomness and delivers the bits to the kernel entropy buffer.

How fast is it?
---------------
On a Pinnacle Bt878 analogue TV card, tuned to a really bad channel,
rngd reports the following speeds (entropy bits per second):

stats: HRNG source speed: (min=1.330; avg=1.783; max=4.657)Gibits/s
stats: FIPS tests speed: (min=70.382; avg=88.529; max=89.969)Mibits/s

this is frickin fast, compared to all those commercial devices

It does not work, what can I do?
--------------------------------
a) read the code (it's not that much)
b) fix the code
c) tune your tv-card with a tuner application to some channel before starting pyved

How can I enhance the code?
---------------------------
Just do it. If you like this tool, you can just set up a project somewhere
and start collecting improvements. For me this was just some fire-and-forget
single-task code.

A good introduction into the cognitive aspects of UI design

via /.:

http://ignorethecode.net/blog/2010/01/21/realism_in_ui_design/