safely programming c and unix

. while my primary concern is computer-user empowerment,
my primary responsibility is security .
. a revision of Wheeler’s Secure Programming how-to.

Unix-like systems are not easy to secure

 . after reading about some of the ridiculous problems that unix has
with finding a safe way to write temp files,
I couldn’t believe Apple’s mac unix didn’t have a solution for this,
and wondered if Wheeler`s book on secure unix practices
was really still relevant … but this is about unix not mac .

what unix is and isn’t

. c is a simple language, but the c`library is easy to misuse .
. in order to reduce vulnerabilities,
programmers need to review the works of security historians,
and use assurance processes (such as inspections and other peer review techniques).

. unix was designed in an era when system administrators
were just as careful about who wrote their software
as about who’d be hired to join them in the office
— they actually read the source code!
… or virtually anyway,
since the unix way is good at sharing composable tools
and those tools were being shared only among
friends or credentialed associates;
and, the code was being reviewed whenever a bug came up .

. the unix way still makes sense when
viewing the unix system as just one node in an
soa (service-oriented architecture);
that is, when all the system tools are trusted,
while all the users and 3rd party app’s are untrusted:
so that any services they request
can affect only the data on their own node,
not anything on the unix system .

. much of Wheeler’s advice
(upon which this article is primarily based)
assumes unix is not used as an soa node .
. for example,
the problem with race-conditions on temporary files
would happen because, in Unix-like systems,
temp’files are traditionally created  in
the system’s /tmp or /var/tmp directories,
which must be shared by all users .
. there could have originally been the assumption that
only the core system services would use the /tmp directories
so then applications would use them only indirectly,
through system calls .

. Kerberos works by giving authenticated users “tickets”,
granting them access to various services on the network .
. when clients then contact servers, the servers can verify the tickets.
Kerberos is a popular method for securing and supporting
authentication on a LAN,
and for establishing shared secrets
(thus, it needs to be used with other algorithms
for the actual protection of communication).

. in an soa, each process is considered to be a user
that gets a ticket like the one kerberos can provide;
thereby providing a way to trace
which process is doing what .
. another technology similar to soa,
in that it does “(Secure the interface, minimize privileges, …)
is capability-based security .
. soa’s tokens assure than anything done by an application
can be traced back to that app’ and its author;
whereas, cap’based security gives each app’ a collection of tokens
that determine both what objects they can access,
and what sort of operations can be applied to the objects .

beware incremental vulnerabilities

. many SSH implementations have a weakness in exchanging passwords:
observers could look at packets and determine
the password`length (or length range),
even if they couldn’t determine the password itself.
They could also also determine other information about the password
that significantly aided in breaking it.

Remote Timing Techniques:
effort expended by the CPU can be detected remotely

program integrity

. many programs feature a built-in scripting language
which can set an environment variable
that in turn can adversely affect the program .
. carefully screen sources of these scripts .
. for example, see the malloc(3) man page for how
environment variables can detect heap overflow
— a condition many exploits depend on .

Consider statically linking secure programs
to counters attacks on the dynamic link library mechanism
This is likely to increase disk and memory use
(from multiple copies of the same routines).
and it makes updating more difficult .

Sign your code with Cryptographic Hash Algorithms
so others can see if your code has been tampered .
If you’re writing new code, use SHA-1 instead of MD5.
If you need more bits in your hash algorithm,
use SHA-256, SHA-384, or SHA-512;
you can get the specifications in NIST FIPS PUB 180-2.(pdf)

privacy assurance

pseudo-random number generator (PRNG)
. for security purposes, don’t use std-lib prng’s
(those coming with your C library);
unless they specifically claim to be cryptographically secure,
they are designed only for supporting statistical functions
as used in simulations .

. on Linux, or *BSD systems use /dev/random
see system documentation random(4).
. the random number generator gathers environmental noise
from device drivers and other sources
into an entropy pool
. for other Unix-like systems
there is the Entropy Gathering Daemon (EGD),
which monitors system activity and hashes it into random values;
. consider piping PRNG outputs into
cryptographic hash functions (e.g., SHA-1),
so then even if the PRNG turns out to be guessable,
the attacker must now also break the hash function.
. a cryptographically strong (and patent-unencumbered) PRNG
is the Yarrow algorithm .
. examine IETF RFC 1750 — Randomness Recommendations for Security .
SSL/TLS for protecting http (web) transaction .
OpenPGP for securing email .
SSH, OpenSSH for securing “remote terminals” over an internet .

. don’t expect the system’s garbage collection (gc) service
to erase your garbage;
if the data is sensitive then erase it before releasing it for reuse .
. if letting the compiler do optimizations,
consider that doing your own erasing could be optimized away
as the compiler is thinking:
“(. you modified the value and then tossed the object ?
faster to just toss without the modification .)

. adda will provide gc;
the mem it zeroes will be reused by it,
so then the zeroing can’t be translated away,
except at end of program, where the final use of mem
should be a function that, after zero’ing,
does a scan of the result to get the signature,
and then files that signature .
. another tactic is to keep all sensitive data encrypted,
and then every time it’s used, it’s coming from
decrypt(mydata, password) ?
then the data is still on the stack
— better get some help
. in the best case,
you could simply trust the OS of your platform
to provide secure encryption and garbage collection .

additional resources

. this collection of articles is a revision of
Wheeler`secure programming tips
other resources for secure programming include:

CVE® (common vulnerabilities and exposures)
. free for public use, and International in scope,
CVE is a dictionary of publicly known
vulnerabilities and exposures concerning information security .


. grsecurity is an innovative, GPL’d approach to security;
a set of patches for the Linux kernel utilizing a multi-layered
detection, prevention, and containment model.
* An intelligent and robust Role-Based Access Control (RBAC) system
that can generate least privilege policies
for your entire system with no configuration
in which every process and user
have only the lowest privileges needed to function.
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of arbitrary code execution,
regardless of the technique used
(stack smashing, heap corruption, etc)
* Prevention of arbitrary code execution in the kernel
* Randomization of the stack, library, and heap bases
* Kernel stack base randomization
* Protection against exploitable null-pointer dereference bugs in the kernel
* Reduction of the risk of sensitive information being
leaked by arbitrary-read kernel bugs
* A restriction that allows a user to only view his/her processes
* Security alerts and audits that contain
the IP address of the person causing the alert

Bruce Schneier`open source for security:

. cryptography alone is not the answer;
with the use of computers and the internet
it’s very important to harden the system in additional ways .
. open source software has the potential to be more secure,
because you can double-check the author’s security analysis .

I33-011R-2006 — The 60 Minute Network Security Guide (pdf)

nsa`Systems and Network Attack Center
(First Steps Towards a Secure Network Environment)

PKI (Public-Key Infrastructures) and PKIX standards

. this openware book explains practical PKI functionality
and gives an overview of available open-source PKI implementations.
.. to foster the creation of a high quality open-source PKI.

international standards and guidance for security management:

ISO 13335
. guidance on security management [ISO 13335].
ISO/IEC 17799:2000
OWASP (Open Web Application Security Project)

Copyright © 1999, 2000, 2001, 2002, 2003 by David A. Wheeler
Copyright © 2009 by Philip Torrance III
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License (FDL), Version 1.1
or any later version published by the Free Software Foundation;
with the invariant sections being
“About the Author”, “About the (primary) Author”;
with no Front-Cover Texts, and no Back-Cover texts.
A copy of the license is included in the section entitled
“GNU Free Documentation License”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s