FB_security board


What a load of nonsense here: no, I don't think we should further extend the boundaries of mathematical logic in order to avoid such bugs, and I don't think we should now change our programming habits and use the magic power of Haskell - I actually think somebody should read the code that others program... especially if it is security-related code, shouldn't anybody?! This is a bug which children get taught to avoid when programming and how to avoid, namely check the input, don't rely on the user entering a number between 1 and 10 even if you tell them, but check it, omg. OMG

On Tuesday, 22 April 2014, 14:00, "[email protected]" <[email protected]> wrote:

Today's Topics:

   1. Re: De Raadt + FBSD + OpenSSH + hole? (Garance A Drosehn)
   2. Re: De Raadt + FBSD + OpenSSH + hole? (Kimmo Paasiala)
   3. Re: De Raadt + FBSD + OpenSSH + hole? (Robison, Dave)
   4. Re: De Raadt + FBSD + OpenSSH + hole? (Ronald F. Guilmette)
   5. Re: De Raadt + FBSD + OpenSSH + hole? (Christian Kratzer)
   6. Re: De Raadt + FBSD + OpenSSH + hole? (hcoin)
   7. Re: De Raadt + FBSD + OpenSSH + hole? (Ronald F. Guilmette)
   8. Re: De Raadt + FBSD + OpenSSH + hole? (Ronald F. Guilmette)
   9. Re: De Raadt + FBSD + OpenSSH + hole? (hcoin)

----------------------------------------------------------------------

Message: 1
Date: Mon, 21 Apr 2014 11:13:24 -0400
From: "Garance A Drosehn" <[email protected]>
To: "Jamie Landeg-Jones" <[email protected]>
Cc: [email protected], [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

On 20 Apr 2014, at 23:06, Jamie Landeg-Jones wrote:

> "hcoin" <[email protected]> wrote:
>
>> local variables) harms performance. It's also true doing both of these
>> things would not fix the flaw that 'opened the window' onto these data.
>> However it is true that doing so would make the exploit valueless as
>> 'opening a window' onto erased data would reveal nothing and could erase
>> trojan/virus 'hijack via code-injection then trampoline' opportunities.
>
> In the heartbleed case, was the bug returning stale freed memory, though?
> Couldn't it just as easily have been that the over-read was returning any
> other memory that the process has had allocated for other variables - data
> that was still in use?

The heartbleed case is totally an error in openssl, because it does not
really use the system malloc/free. It mallocs a huge chunk of memory from
the system when it starts up, and then it has its own routines which manage
that memory. As far as the operating system is concerned, it can't touch any
of that memory, even though openssl is using it over-and-over for whatever it
needs memory for. Openssl did this, of course, for performance reasons.

So in the case of openssl, the problem was that the code *never* returned
memory, no matter how stale and unreferenced the data was.
-- 
Garance Alistair Drosehn                =   [email protected]
Senior Systems Programmer               or  [email protected]
Rensselaer Polytechnic Institute;           Troy, NY;  USA

------------------------------

Message: 2
Date: Mon, 21 Apr 2014 18:23:07 +0300
From: Kimmo Paasiala <[email protected]>
To: Jamie Landeg-Jones <[email protected]>
Cc: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

On 21.4.2014, at 6.06, Jamie Landeg-Jones <[email protected]> wrote:

> "hcoin" <[email protected]> wrote:
>
>> local variables) harms performance. It's also true doing both of these
>> things would not fix the flaw that 'opened the window' onto these data.
>> However it is true that doing so would make the exploit valueless as
>> 'opening a window' onto erased data would reveal nothing and could erase
>> trojan/virus 'hijack via code-injection then trampoline' opportunities.
>
> In the heartbleed case, was the bug returning stale freed memory, though?
> Couldn't it just as easily have been that the over-read was returning any
> other memory that the process has had allocated for other variables - data
> that was still in use?

No, the problem was another type of programming error that is endemic in C
programming. It's called failure to validate input parameters before using
the input parameters or derived values from the input parameters as array
indices.

https://en.wikipedia.org/wiki/Bounds_checking

The bug allowed an attacker to request any number of bytes from memory that
followed the buffer that the client was usually allowed to access (depending
on how the index was interpreted it might have been possible to request
memory before the buffer as well).
The part of memory that followed the buffer very probably contained some very
sensitive information, possibly secret keys that were loaded in memory (memory
that was constantly in use and not free()'d until the process terminates) in
unprotected form (plain text essentially) for fast access during encryption
and decryption.

-Kimmo

------------------------------

Message: 3
Date: Mon, 21 Apr 2014 11:06:19 -0700
From: "Robison, Dave" <[email protected]>
To: <[email protected]>
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

On 04/19/2014 18:46, Mikhail wrote:
>> On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
>>> Matt Dawson <[email protected]> wrote:
>>>
>>>> My first thought when I saw this was "ego over ethics," which says more
>>>> about Theo than FreeBSD.
>>>
>
> I believe that Theo just browbeat. Reasons? It was looooong ago, I think
> very few still remember, but Theo definitely does:
>
> http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002719.html
> _______________________________________________

Theo has maliciously impacted the FreeBSD project at least twice that I
can recall. Nobody should expect any less from him.

-- 
Dave Robison
Sales Solution Architect II
FIS Banking Solutions
510/621-2089 (w)
530/518-5194 (c)
510/621-2020 (f)
[email protected]
[email protected]
------------------------------

Message: 4
Date: Mon, 21 Apr 2014 13:39:17 -0700
From: "Ronald F. Guilmette" <[email protected]>
To: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

In message <[email protected]>,
"hcoin" <[email protected]> wrote:

>... It is for the community to decide whether it is 'worth it'
>on a case by case basis given there is no way to prove a program
>'correct' from a security perspective.

I guess that I was sick that day in software school.

Did I just hear you tell me that I can't prove the following program
is "secure"?

    int
    main (void)
    {
      return 0;
    }

------------------------------

Message: 5
Date: Mon, 21 Apr 2014 23:28:26 +0200 (CEST)
From: Christian Kratzer <[email protected]>
To: "Ronald F. Guilmette" <[email protected]>
Cc: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

Hi,

On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:
>
> In message <[email protected]>,
> "hcoin" <[email protected]> wrote:
>
>> ... It is for the community to decide whether it is 'worth it'
>> on a case by case basis given there is no way to prove a program
>> 'correct' from a security perspective.
>
> I guess that I was sick that day in software school.
>
> Did I just hear you tell me that I can't prove the following program
> is "secure"?
>
>
> int
> main (void)
> {
>   return 0;
> }

in an ideal world you could probably. The difficulty is that even the
above seemingly trivial snippet of code is run after initialization of
the c runtime library and some pre processing of argc, argv.

It gets more complex with c++ constructors run before main.

It gets even more complex the more software components interact in
weird and wonderful ways.
Greetings
Christian

-- 
Christian Kratzer                       CK Software GmbH
Email:  [email protected]                  Wildberger Weg 24/2
Phone:  +49 7032 893 997 - 0            D-71126 Gaeufelden
Fax:    +49 7032 893 997 - 9            HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843                Geschaeftsfuehrer: Christian Kratzer
Web:    http://www.cksoft.de/

------------------------------

Message: 6
Date: Mon, 21 Apr 2014 16:35:26 -0500
From: "hcoin" <[email protected]>
To: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

On 04/21/2014 03:39 PM, Ronald F. Guilmette wrote:
>
> In message <[email protected]>,
> "hcoin" <[email protected]> wrote:
>
>> ... It is for the community to decide whether it is 'worth it'
>> on a case by case basis given there is no way to prove a program
>> 'correct' from a security perspective.
> I guess that I was sick that day in software school.
>
> Did I just hear you tell me that I can't prove the following program
> is "secure"?
>
>
> int
> main (void)
> {
>     return 0;
> }
> _______________________________________________
>

Good one. There were efforts, some years ago, to prove 'software
correctness' with a similar understanding of 'correct' as mathematicians
have when regarding a theorem as 'true'. The alligators in the
complexity swamp ate those efforts before breakfast. First you have to
prove the microcode in the processors correct, then you have to prove
the compilers 'correctly' translate your favorite language into machine
code, then you have to prove the OS is both 'correct' and doesn't
'break' the correctness in the running application. To manage that you
have to extend logical expression to manage asynchronous events, no
small thing. Our logical tools are pretty bound to linear 'if then'
bricks-upon-other-bricks concepts.

And then, after all that is proven, the question of whether the program
you wrote is 'correct' can be engaged.

The new-ish language Haskell takes an 'outside the box' approach to the
question, by shifting what a 'program' is to be closer to 'what should
the result be' than 'what step should happen next'. There's more hope
such a language could specify provably correct programs than C-ish or
object-oriented cousins, but that still leaves the whole
machine-language domain unaddressed.

Imagine the size of a number made up of every settable option bit in the
processor and support chips, and add more for each occasion the order in
which those bits are set or reset matters. Each combination of those
bits calls for the correctness proof to be rechecked.

Even in that little program you wrote, is it a security hole if, left on
the stack upon return, the perhaps unused arguments remain? Just because
you're paranoid doesn't mean they really aren't after you.

------------------------------

Message: 7
Date: Mon, 21 Apr 2014 14:49:45 -0700
From: "Ronald F. Guilmette" <[email protected]>
To: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

In message <[email protected]>,
Christian Kratzer <[email protected]> wrote:

>On Mon, 21 Apr 2014, Ronald F. Guilmette wrote:
>>
>> In message <[email protected]>,
>> "hcoin" <[email protected]> wrote:
>>
>>> ... It is for the community to decide whether it is 'worth it'
>>> on a case by case basis given there is no way to prove a program
>>> 'correct' from a security perspective.
>>
>> I guess that I was sick that day in software school.
>>
>> Did I just hear you tell me that I can't prove the following program
>> is "secure"?
>>
>>
>> int
>> main (void)
>> {
>>   return 0;
>> }
>
>in an ideal world you could probably. The difficulty is that even the
>above seemingly trivial snippet of code is run after initialization of
>the c runtime library and some pre processing of argc, argv.
>
>It gets more complex with c++ constructors run before main.
>
>It gets even more complex the more software components interact in
>weird and wonderful ways.

At the risk of stating the obvious...

    Complexity != Impossibility

I think that we need better tools. But then again, I have always thought
that, and undoubtedly always will.

Regards,
rfg

------------------------------

Message: 8
Date: Mon, 21 Apr 2014 18:38:45 -0700
From: "Ronald F. Guilmette" <[email protected]>
To: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

In message <[email protected]>,
"hcoin" <[email protected]> wrote:

>
>On 04/21/2014 03:39 PM, Ronald F. Guilmette wrote:
>>
>> In message <[email protected]>,
>> "hcoin" <[email protected]> wrote:
>>
>>> ... It is for the community to decide whether it is 'worth it'
>>> on a case by case basis given there is no way to prove a program
>>> 'correct' from a security perspective.
>> I guess that I was sick that day in software school.
>>
>> Did I just hear you tell me that I can't prove the following program
>> is "secure"?
>>
>>
>> int
>> main (void)
>> {
>>     return 0;
>> }
>> _______________________________________________
>>
>Good one.

Thank you. I wish that I could say that I had written that program all
by myself, but...

>There were efforts, some years ago, to prove 'software
>correctness' with a similar understanding of 'correct' as mathematicians
>have when regarding a theorem as 'true'. The alligators in the
>complexity swamp ate those efforts before breakfast.

Well, um, yes.

>First you have to
>prove the microcode in the processors correct, then you have to prove
>the compilers 'correctly' translate your favorite language into machine
>code, then you have to prove the OS is both 'correct' and doesn't
>'break' the correctness in the running application.

Sure, if one wanted to be really anal about it. But the semantics of a
given C program are specified by the ANSI/ISO C standard.

>The new-ish language Haskell takes an 'outside the box' approach to the ...

Funny you should mention that. Just after I wrote the message to which you
responded, it occurred to me that I had not read anything at all about
denotational semantics for about the last 20 years (and even the stuff
that I did read, way back then, was probably over my head). So just today,
I went and looked at the entry for "denotational semantics" in Wikipedia.
That Wikipedia entry did mention one language in particular... Haskell.
I guess that I'll be looking into that. (I currently know zip about Haskell,
but am always eager to learn new things.)

>Even in that little program you wrote, is it a security hole if, left on
>the stack upon return, the perhaps unused arguments remain?

I suspect that you and I have different definitions of the term
"security hole".

>Just because you're paranoid doesn't mean they really aren't after you.

On this, at least, we agree completely.

One last thought...
In the aftermath of this whole OpenSSL brouhaha... which none other than
Bruce Schneier publicly pronounced to be a 12, on a scale from 1 to 10, in
terms of awfulness... I do wonder if anyone has taken the time or effort
to run the OpenSSL sources through any kind of analyzer to try to obtain
some of the standard sorts of software science metrics on it.

I suspect that a whole lot of folks might be either (a) red faced or else
(b) deeply concerned if a scientifically derived estimate of the number of
*remaining* (and as-yet undiscovered) bugs in that package were published.

Regards,
rfg

P.S. I do think that Schneier has seriously overstated the criticality of
Heartbleed. So far, I am not aware of -any- banks or other financial
institutions which have been confirmed to have been affected, and by and
large, life goes on and the world has not ended.

------------------------------

Message: 9
Date: Mon, 21 Apr 2014 21:54:47 -0500
From: "hcoin" <[email protected]>
To: [email protected]
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <[email protected]>

On 04/21/2014 08:38 PM, Ronald F. Guilmette wrote:
<snipping good stuff before this good stuff>
> I suspect that a whole lot of folks might be either (a) red faced or else
> (b) deeply concerned if a scientifically derived estimate of the number of
> *remaining* (and as-yet undiscovered) bugs in that package were published.

Yes indeed. I think your comment 'as-yet undiscovered' is of an
aspirational character.
Imagine if your job, every day, is to take all the same talent and
training involved in creating all this to find exploits. A person whose
mind isn't absorbed with knowing everything about one area enough to
move its art ahead, but enough about all the areas with emphasis on
their interfaces and edge conditions. For example, just the right
compiler quirk or processor microcode quirk with just the right OS quirk
in just the right library routine, or a quirk in the firmware of any
device able to generate memory read bus cycles (smart network interface
chips and hardware RAID cards come to mind, and, oh my -- graphics
processors.... Every time device memory is mapped into user space ...
worry.). The folks that do that are good at not sharing, and using them
sparingly.

It's the same problem faced by any defender: the defenders have to be
entirely right all the time, while the exploit finder only has to be
right once. Only rigor approaching the level of math theorems applied
to software security (a trace easier than 'software correctness' I
expect) can offer trustworthy assurances about blocking software-only
exploits.
The semantics of all our current popular languages, for reasons to do
with making early 8 bit processors deliver value, are silent about what
happens to data that 'goes out of scope' or 'is freed', most of the time
the OS just marks the memory page 'unused' without knowing whether it's
of importance to wipe. A few little-used languages had 'garbage
collection routines' that could have been good at wiping. But mostly
our languages struggled to do the right thing with data people cared
about to bother much with what happened to it when 'done'. There was no
performance that could be spared to "protect against data
dumpster-divers". And wow look at what happened to programming
discipline, particularly application programming, when throwing another
gigabyte of ram or another processor into a machine cost less than
tuning a routine.

Most of the time it's not worth the processor time to wipe old data as
the pages are bits from an old movie data anyhow. But most of the time
isn't all of the time.

Perhaps we should consider adding a variable attribute like 'secure'
much like 'volatile' was added, to cause the compiler to generate code
wiping such variables when they go out of scope, force initialize them
to a known bit pattern, and only allocate those variables to pages that
are wiped on free and that can't be referenced by pointer or other means
except by a function or procedure that also has a 'secure' attribute.

I'll go back to lurking now! Thanks for all your efforts.
H

------------------------------

End of freebsd-security Digest, Vol 484, Issue 2
************************************************
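Added example, not code from the thread or from OpenSSL: a small heartbeat record handler in C that puts together the two points raised above, the bounds check Kimmo describes in message 2 (the payload length declared inside the record is checked against the number of bytes actually received) and the scope-exit wipe hcoin proposes in message 9 (approximated with the GCC/Clang cleanup attribute plus a wipe the compiler cannot drop as a dead store). The record layout is the one in RFC 6520; the helper names, the 256-byte scratch size, the counter and the fixed padding bytes are this example's own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 6520 heartbeat record: type (1 byte), payload_length (2 bytes,
 * big-endian), payload, then at least 16 bytes of padding. */
#define HB_HDR_LEN     3
#define HB_MIN_PADDING 16
#define HB_REQUEST     1
#define HB_RESPONSE    2

/* Call memset through a volatile function pointer so the optimizer cannot
 * remove the wipe as a dead store (portable stand-in for explicit_bzero). */
static void *(*volatile wipe_fn)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n) { wipe_fn(p, 0, n); }

/* Scratch area for building the reply. The cleanup attribute (GCC/Clang
 * extension) approximates the proposed 'secure' variable attribute: the
 * scrub runs when the variable leaves scope, on every return path. */
struct scratch { uint8_t buf[256]; size_t used; };

int scrub_count = 0;   /* hypothetical counter so a test can see the scrub ran */

static void scratch_scrub(struct scratch *s) {
    secure_wipe(s, sizeof *s);
    scrub_count++;
}

/* Build the heartbeat response for rec[0..rec_len) into out[0..out_cap).
 * Returns the response length, or -1 for a malformed record. The check that
 * Heartbleed lacked is the one against rec_len: the declared payload_length
 * must fit inside the bytes that were actually received. */
long handle_heartbeat(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap) {
    struct scratch sc __attribute__((cleanup(scratch_scrub))) = { {0}, 0 };

    if (rec_len < HB_HDR_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* Bounds check: header + declared payload + minimum padding <= received.
     * rec_len >= 19 here, so the subtraction cannot wrap. */
    if (payload_len > rec_len - HB_HDR_LEN - HB_MIN_PADDING)
        return -1;
    size_t resp_len = HB_HDR_LEN + payload_len + HB_MIN_PADDING;
    if (resp_len > sizeof sc.buf || resp_len > out_cap)
        return -1;

    sc.buf[0] = HB_RESPONSE;
    sc.buf[1] = (uint8_t)(payload_len >> 8);
    sc.buf[2] = (uint8_t)payload_len;
    /* Echo only the validated payload bytes, never anything past them. */
    memcpy(sc.buf + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    /* Padding is freshly written here (fixed bytes for the example; a real
     * implementation uses random bytes), not copied from the peer's record. */
    memset(sc.buf + HB_HDR_LEN + payload_len, 0xAA, HB_MIN_PADDING);
    sc.used = resp_len;

    memcpy(out, sc.buf, resp_len);
    return (long)resp_len;   /* sc is wiped by scratch_scrub on return */
}
```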