I use openssl on the shell for encrypting data and would like to decrypt the data later at runtime in a ObjC/C/C++ program. As I could not get it working using the openssl library I call openssl from the program "on the console" and pipe the decrypted result back into a string, using popen() etc. This works perfectly but I wonder if this approach is as secure as using it "internally".
Thanks for comments or hints, as I haven't found anything useful on the web yet...
Matthias
You're potentially exposing yourself to a couple of more attack vectors, beyond that it's not that much less secure than linking against and using the OpenSSL library.
The program and it's arguments you're running from popen may expose additional info through argv, if you can specify the key material directly on the command-line and do so, this would be exposed through /proc/<pid>/cmdline (and ps/top/etc.). This is what I'd worry about the most if I were to decrypt via another process and pass it to another application through an pipe. As root they would also be able to read /proc/<pid>/environ if you pass key-material to the application through environment, although if they're root there's all sorts of other shenanigans they can do as well to get a hold of your stuff regardless of which method you use openssl (library/binary+pipe).
There's a few other things like replacing the openssl binary with something malicious, or injecting it earlier in PATH if you let popen/shell determine which openssl binary to use, although if they can do this chances are they also can get a hold of key-material and ciphertext through easier means (or they could replace or LD_PRELOAD a malicous openssl library, which neatly would defeat dynamically linking against openssl also). The same goes for snooping on the pipe, they'd have to run as root or your user.
In short, if you can popen without exposing anything sensitive through argv it's not that much less secure than using the OpenSSL library. Yes, there's a few more ways of getting a hold of your stuff, but it'd require them to run as a user which would be able to get a hold of your stuff anyway (although it'd possibly require a bit more effort).
Related
I want to write software that will detect all used/created/modified/deleted files during the execution of a process (and its child processes). The process has not yet run - the user provides a command line which will later be subprocessed via bash, so we can do things before and after execution, and control the environment the command is run in.
I have thought of four methods so far that could be useful:
Parse the command line to identify files and directories mentioned. Assume all files explicitly mentioned are used. Check directories before/after for created/deleted files. MD5 existing files before/after to see any are modified. This works on all operating systems and environments, but obviously has serious limitations (doesnt work when command is "./script.sh")
Run the process via another process like strace (dtruss for OSX, and there are equivalent windows programs), which listens for system calls. Parse output file to find files used/modified/deleted/created. Pros that its more sensitive than MD5 method and can deal with script.sh. Cons that its very OS specific (dtruss requires root privileges even if the process being run does not - outputs of tools all different). Could also create huge log files if there are a lot of read/write operations, and will certainly slow things down.
Integrate something similar to the above into the kernel. Obviously still OS specific, but at least now we are calling the shots, creating common output format for all OS's. Wouldn't create huge log files, and could even stop hooking syscalls to, say, read() after process has requested the first read() to the file. I think this is what the tool inotify is doing, but im not familiar with it at all, nor kernel programming!
Run the process using the LD_PRELOAD trick (called DYLD_INSERT_LIBRARIES on OSX, not sure if it exists in Windows) which basically overwrites any call to open() by the process with our own version of open() which logs what we're opening. Same for write, read, etc. It's very simple to do, and very performant since you're essentially teaching the process to log itself. The downside is that it only works for dynamically-linked process, and i have no idea of the prevalence of dynamic/statically linked programs. I dont even know if it is possible before execution to tell if a process is dynamically or statically linked (with the intention of using this method by default, but falling back to a less-performant method if its not possible).
I need help choosing the optimal path to go down. I have already implemented the first method because it was simple and gave me a way to work on the logging backend (http://ac.gt/log) but really i need to upgrade to one of the other methods. Your advice would be invaluable :)
Take a look to the source code of "strace" (and its -f to trace children). It does basically what you are trying to do. It captures all the system calls of the process (or its childs) so you can grep for operations like "open", etc.
The following link provides some examples of implementing your own strace by using the ptrace system call:
https://blog.nelhage.com/2010/08/write-yourself-an-strace-in-70-lines-of-code/
I need an API to encode/decode an ASN.1 stream. I've read that OpenSSL supports this in C and I have access to it in my project, though I don't know how to actually use these functions. I effectively need to decode a struct, a SEQUENCE. Can anyone recommend how to do so?
It looks like openssl can be used to generate ASN.1 encodings of data through a cumbersome command line interface. It's not really an API that you could use - you'd be having to create one yourself that, underneath, made a lot of system calls like system("openssl asn1parse -genstr 'UTF8:Hello World'"). That sounds like a lot of work.
You're far better off using a proper ASN.1 toolset, take a look at the tools page on the ITU's website.
Ok, so I'm building this program in C for a Linux system. I need to be able to retrieve the content of a URL, and then read it line-by-line so I can do my own custom parsing on it.
Now, what's very important to me is speed, meaning I'd really like to do this without saving the entire thing to a file, then reading the file (since, for example, there may be content on the first line of the file that means I don't need to read the rest of it).
Also very important is that it is thread-safe. I tried using the code here: http://curl.haxx.se/libcurl/c/fopen.html but it uses global variables that make it impossible to safely multithread.
Any ideas?
Examples are just that: examples. If they work slightly wrong, then fix it to work better.
I would guess that you're better off starting with another example, perhaps this getinemory.c:
http://curl.haxx.se/libcurl/c/getinmemory.html
libcurl delivers data "chunk by chunk" and not line by line, so your application needs to figure out when you have enough data and you can then tell libcurl to stop transferring.
If you just want to retrieve the data for a page, it's fairly easy to use the socket API directly. There are also quite a few libraries around that make it a bit easier still. Unfortunately, you haven't said what system you want this for so it's hard to recommend which library you probably want (Windows demands a bit of special code to startup/shut down Winsock that isn't necessary and won't compile or link on almost any other system).
Almost the same question as this one here:
What's the easiest way to grab a web page in C?
however the conditions have changed and I need to connect via https, this is a bit more tricky, anyone got any snippets?
I am on a qnx platform, building and compiling additional libraries and rolling it out onto our product is very, very hard given the contraints. So things like libcurl are not possible.
Results:
It turns out I had to install libcurl on QNX after all. This involved installing perl and openSSL to build libcurl, but once that was built it was good to go. This was the least desirable option but it ended up being worth it.
libcurl should be able to handle anything you need to do.
If you're not able to use a library, then I guess you're either forced to cheat, as in "call out to a shell or some other environment that already has this capability". I'm not very familiar with QNX or the environments where it's typically run, not enough to dicount this possibility on my own anyway.
By the way, before skipping this: libcurl is known to build on QNX, so try that before even reading further.
Failing that, taking the question literally, I guess you need to implement the relevant parts of the HTTP protocol yourself. Since you now need secure access too, you're in a world of hurt. You just don't want to implement that type of code on your own, it is a lot of work, many many wheels to re-invent.
At the very least, I'd recommend taking a hard look around to see if any of the things you need to do this are already implemented. This page implies that OpenSSH is available for the QNX platform, which is encouraging.
I was away when you posted this followup question.
I've now posted an SSL-capable example program at http://pastebin.com/f1cd08b33
This needs to be linked against OpenSSL (-lssl) but doesn't need libcurl at all.
I'm new to windows programming and I'm trying to get notified of all changes to the file system (similar to the information that FileMon from SysInternals displays, but via an API). Is a FindFirstChangeNotification for each (non-network, non-substed) drive my best bet or are there other more suitable C/C++ APIs?
FindFirstChangeNotification is fine, but for slightly more ultimate power you should be using ReadDirectoryChangesW. (In fact, it's even recommended in the documentation!)
It doesn't require a function pointer, it does require you to manually decode a raw buffer, it uses Unicode file names, but it is generally better and more flexible.
On the other hand, if you want to do what FileMon does, you should probably do what FileMon does and use IFS to create and install a file system filter.
There are other ways to do it, but most of them involve effort on your part (or take performance from your app, or you have to block a thread to use them, etc). FindFirstChangeNotification is a bit complicated if you're not used to dealing with function pointers, etc, but it has the virtue of getting the OS to do the bulk of the work for you.
Actually FileSystemWatcher works perfectly with shared network drives. I am using it right now in an application which, among other things, monitors the file system for changes. (www.tabbles.net).
You can use FileSystemWatcher class. Very efficient but cannot work with Network shared drives.