
Security hole ? (was: image memory representation)

 [1/11] from: coussement::c::js::mil::be at: 21-Aug-2001 12:50


DocKimbel wrote:
> > > > img: make image! [10x10 #{FFFFFF}]
<<quoted lines omitted: 4>>
> space dump !!
> It's more than a simple bug, it's a potential security hole !

Because our projects could be ported to a distant access server, I'm wanting to become aware of the possible security problems of REBOL, and for this purpose I'm regularly screening the mailing list. My knowledge of this problem is limited - but I'm working on it.

So ... could any guru out there be kind enough to explain to me how this image representation/space dump is becoming a security hole ?

Thanks for answering,
christophe

 [2/11] from: coussement:c:js:mil:be at: 23-Aug-2001 9:15


Hi REBOLians:

Please ignore this question. I now realize this was a stupid one. Sorry for the inconvenience ;-)

Christophe

 [3/11] from: brett:codeconscious at: 23-Aug-2001 17:42


Definitely not a stupid question. Keep asking!

Brett.

 [4/11] from: arolls:bigpond:au at: 23-Aug-2001 19:09


Supposing an evil program made a very large image this way, but only initialized a tiny bit as seen already. Then it could scan lots of rebol memory, and if it was smart, might be able to get a username and password, if the user had set these previously.

I wonder about the memory situation with launched programs. Running launched programs using the Desktop is the most likely way for the user to run something without looking at the code.
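The bug class Anton describes here is uninitialised memory disclosure: a buffer is allocated at its full size, only the first few bytes are written, and whatever the allocator previously stored in the rest becomes readable through the new object. The C program below is an added illustration of that class and its fix; it is not code from this thread and not REBOL's actual image! implementation. It simulates REBOL's heap with a small fixed arena that a constructed earlier "ftp session" left credentials in (the secret string, arena layout and function names are all assumptions made for the demonstration), then builds the same 10x10 image from the seed #{FFFFFF} two ways: once copying the seed only once, as the thread's dump suggests, and once tiling it across the whole buffer so no stale byte survives.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed stand-in for the interpreter's heap: a fixed arena handed out
 * sequentially, never cleared between allocations (like a raw malloc). */
#define ARENA_SIZE 4096
static uint8_t arena[ARENA_SIZE];
static size_t arena_used;

/* Constructed prior use: an earlier "ftp session" left its credentials in the
 * arena at offset 100 and then released the memory (assumed secret value). */
static void simulate_prior_use(void) {
    const char *secret = "user=alice pass=s3cret";
    memset(arena, 0, sizeof arena);
    memcpy(arena + 100, secret, strlen(secret));
    arena_used = 0;  /* "freed": the next allocation reuses the same bytes */
}

/* Raw allocation: returns memory exactly as it was left by previous users. */
static uint8_t *arena_alloc(size_t n) {
    if (arena_used + n > ARENA_SIZE) return NULL;
    uint8_t *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Leaky variant: allocate w*h*3 bytes but copy the seed pattern only once.
 * Every byte past seed_len is whatever the arena held before. */
uint8_t *make_image_leaky(size_t w, size_t h, const uint8_t *seed, size_t seed_len) {
    size_t n = w * h * 3;
    uint8_t *img = arena_alloc(n);
    if (!img) return NULL;
    memcpy(img, seed, seed_len < n ? seed_len : n);
    return img;
}

/* Fixed variant: tile the seed across the whole buffer (zero-fill when there is
 * no seed), so the caller can never observe stale memory. */
uint8_t *make_image_safe(size_t w, size_t h, const uint8_t *seed, size_t seed_len) {
    size_t n = w * h * 3;
    uint8_t *img = arena_alloc(n);
    if (!img) return NULL;
    if (seed_len == 0) { memset(img, 0, n); return img; }
    for (size_t i = 0; i < n; i++) img[i] = seed[i % seed_len];
    return img;
}

/* Count bytes that differ from the tiled seed: the number of bytes whose value
 * came from somewhere other than the caller's own input. */
size_t stale_bytes(const uint8_t *img, size_t n, const uint8_t *seed, size_t seed_len) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (img[i] != seed[i % seed_len]) count++;
    return count;
}

/* Check whether a byte string appears anywhere inside the buffer. */
int buffer_contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

static const uint8_t SEED[3] = {0xFF, 0xFF, 0xFF};  /* #{FFFFFF} from the thread */

/* 10x10 RGB image = 300 bytes, which covers the secret left at offset 100. */
size_t leaky_image_stale_bytes(void) {
    simulate_prior_use();
    uint8_t *img = make_image_leaky(10, 10, SEED, sizeof SEED);
    return stale_bytes(img, 300, SEED, sizeof SEED);
}

size_t safe_image_stale_bytes(void) {
    simulate_prior_use();
    uint8_t *img = make_image_safe(10, 10, SEED, sizeof SEED);
    return stale_bytes(img, 300, SEED, sizeof SEED);
}

/* Returns 1 when the leaky image exposes the credential and the fixed one does not. */
int demo_leak_versus_fixed(void) {
    simulate_prior_use();
    int leaky_exposes = buffer_contains(make_image_leaky(10, 10, SEED, sizeof SEED), 300, "pass=s3cret");
    simulate_prior_use();
    int safe_exposes = buffer_contains(make_image_safe(10, 10, SEED, sizeof SEED), 300, "pass=s3cret");
    return leaky_exposes && !safe_exposes;
}

int main(void) {
    printf("stale bytes: leaky=%zu safe=%zu\n", leaky_image_stale_bytes(), safe_image_stale_bytes());
    printf("leaky exposes credential, fixed does not: %s\n", demo_leak_versus_fixed() ? "yes" : "no");
    return 0;
}
```

The stale-byte count is the useful defender's measurement: for a correctly constructed object it is zero regardless of what the allocator held before, which is the property a fix for this kind of bug has to guarantee. The same reasoning applies to any constructor that takes a size and a shorter initial value.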

 [5/11] from: petr:krenzelok:trz:cz at: 23-Aug-2001 11:18


Anton wrote:
> Supposing an evil program made a very large
> image this way, but only initialized a tiny
> bit as seen already. Then it could scan
> lots of rebol memory, and if it was smart,
> might be able to get a username and password,
> if the user had set these previously.

interesting thoughts :-)

> I wonder about the memory situation with
> launched programs. Running launched programs
> using the Desktop is the most likely way
> for the user to run something without
> looking at the code.

Yes, but you live in a sandbox, don't you? So, if any app tries to read, write outside your sandbox, rebol asks you for permission - it is up to you then ...

-pekr-

 [6/11] from: coussement:c:js:mil:be at: 23-Aug-2001 12:42


Anton: I thought something like you write would be possible, but thanks for providing me with the details. I should definitely read a few books about security before it becomes a real concern to me ;-)

-christophe-

 [7/11] from: arolls:bigpond:au at: 23-Aug-2001 23:07


> > Supposing an evil program made a very large
> > image this way, but only initialized a tiny
<<quoted lines omitted: 14>>
> you then ...
> -pekr-

What I meant was... envisage this situation:

- First, start rebol in console,
- access your ftp site, storing user and pass in a couple of strings.
- run desktop
- launch and run an "evil" program

Is rebol memory pool the same for the launched program as in the console at the first point? If so, then it's possible that the evil program can send away user and password. Then evil programmer can freely access the ftp site. Muhahahahaaa.r.rgg..<cough>

This way does not rely on read/write access, because it reads an image it has allocated "properly".

Anyway, I can see this bug being fixed pretty soon.

Anton.

 [8/11] from: carl:cybercraft at: 24-Aug-2001 17:39


On 24-Aug-01, Anton wrote:
>>> Supposing an evil program made a very large
>>> image this way, but only initialized a tiny
<<quoted lines omitted: 23>>
> Is rebol memory pool the same for the launched program as in
> the console at the first point?

I wouldn't think so, as a new REBOL is run for every script launched from the Desktop. Not too efficient, but it does add to security.

> If so, then it's possible that the evil program can send away user
> and password. Then evil programmer can freely access the ftp
<<quoted lines omitted: 3>>
> Anyway, I can see this bug being fixed pretty soon.
> Anton.

-- 
Carl Read

 [9/11] from: g:santilli:tiscalinet:it at: 23-Aug-2001 19:10


Hello Anton!

On 23-Ago-01, you wrote:

A> Is rebol memory pool the same for the launched program as in
A> the console at the first point? If so, then it's possible that
A> the evil program can send away user and password. Then evil
A> programmer can freely access the ftp site.
A> Muhahahahaaa.r.rgg..<cough>

This is very unlikely anyway. The evil program has to be lucky enough to get the username and the password in that memory area; then it has to scan that area to find things that look like strings; then it has to convince the user to give it the permission to open some tcp port to send back the data to the evil programmer (ok, by default scripts are allowed to open tcp ports, so this is probably not a very big problem); the evil programmer then has to scan through all of these strings to see if he can find something useful. It's like winning a lottery. :)

A> Anyway, I can see this bug being fixed pretty soon.

Indeed. So hurry up evil programmers! ;-)

Regards,
Gabriele.
-- 
Gabriele Santilli <[giesse--writeme--com]> - Amigan - REBOL programmer
Amiga Group Italia sez. L'Aquila -- http://www.amyresource.it/AGI/

 [10/11] from: max:ordigraphe at: 24-Aug-2001 13:29


Hi Gabrielle!

Have you ever seen how someone reverse engineers code? Believe me, scanning such a memory dump is quite a lottery jackpot, unless the user and password are heavily cryptic! It takes any human being about 10 seconds to spot strings in a hex-editor and it's quite easy to figure out bounds.

Maybe I'm just bull-shitting here, but I don't believe this to be a slight issue!

cheers!
-Max

Contrary to popular belief, Unix IS user-friendly... it's just picky on who it considers a friend

 [11/11] from: ryanc:iesco-dms at: 24-Aug-2001 12:23


Maybe I missed something here, but as I understand this security issue, you must have a rebol trojan installed to even take advantage of it. If you have gotten that far, the memory dump is a big waste of time, as there are far better things to take advantage of.

--Ryan

Maxim Olivier-Adlhoch wrote:
> Hi Gabrielle!
> Have you ever seen how someone reverse engineers code? believe-me,
<<quoted lines omitted: 57>>
> [rebol-request--rebol--com] with "unsubscribe" in the
> subject, without the quotes.

-- 
Ryan Cole
Programmer Analyst
www.iesco-dms.com
707-468-5400

Notes
  • Quoted lines have been omitted from some messages.