Reply to Re: Security of Unix Pipes (with Application Details)

Posted by Paul Pluzhnikov on 05/01/07 17:01

"David T. Ashley" <dta@e3ft.com> writes:

> I am not able to call a shared library directly from PHP.

You should be able to write a PHP extension (another shared library)
which will wrap the vendor-supplied library and provide an interface
that PHP expects. You should be able to load that extension into
unmodified PHP packages you get from RedHat.

> Because the FOB key is one of the parameters that must be used with the
> shared library, it must also be passed from PHP to the compiled C program.
> Because the FOB key is so sensitive, the question is how to pass it from PHP
> to the compiled program securely.

There is no method that will be secure against a debugger (even the
PHP extension is prone to debugger discovery of the secret).

If you ignore the debugger, encrypting (via plain XOR) the FOB key
with another key, which is known to your compiled C program and to
your PHP module, is the answer. You can then pass the encrypted key
any way you want: on the command line, via a pipe, through an environment
variable, in shared memory, etc. etc.

> Passing the information on the command line is clearly not secure, because
> program names and command-line parameters are world-visible on a Unix
> system.

And so are environment variables, and so are pipes, and so are files.
Any communication between your PHP process and your compiled C
program is very easy to "sniff" from another process with the same UID.

> However, I was thinking that I could use the PHP proc_open() function:
>
> http://us.php.net/manual/en/function.proc-open.php
>
> to pass the information to the compiled C program's stdin and get
> information back from stdout securely (without others being able to
> eavesdrop).

Other processes with the same UID (or root) will be able to trivially
eavesdrop (as we told you before).

> I guess also I'd need to wipe memory before the compiled C program
> terminates to get rid of any trace of the sensitive information (otherwise
> the memory might be discovered by other processes later).

I believe this attack is impossible on any modern UNIX -- the OS
will not give "dirty" RAM to another process.

Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
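
The compiled-program side of the XOR scheme described in the post, as an added example that is not code from either poster: it unmasks a key read from stdin and zeroes its buffers before exit. `KEY_LEN`, the `MASK` bytes and all function names are assumptions made for illustration; as the post says, this only obscures the key in transit and does not stop a same-UID process with a debugger.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16 /* assumed FOB key length; the post does not give one */

/* Constructed mask compiled into both sides (assumption). Anyone who can
 * read the binary or attach a debugger recovers it, as the post says. */
static const unsigned char MASK[KEY_LEN] = {
    0x5a, 0xc3, 0x17, 0x9e, 0x24, 0xb8, 0x6d, 0xf1,
    0x08, 0x73, 0xe5, 0x4c, 0xa9, 0x32, 0xd6, 0x8b
};

/* XOR is its own inverse, so one routine both masks and unmasks. */
void xor_mask(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= MASK[i % KEY_LEN];
}

/* Zero through a volatile pointer so the stores are not optimised away. */
void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--)
        *v++ = 0;
}

/* Recover the key from n bytes read off the pipe.
 * Returns 0 on success; -1 (with key zeroed) if the length is wrong. */
int unmask_key(const unsigned char *wire, size_t n, unsigned char key[KEY_LEN])
{
    if (n != KEY_LEN) {
        wipe(key, KEY_LEN);
        return -1;
    }
    memcpy(key, wire, KEY_LEN);
    xor_mask(key, KEY_LEN);
    return 0;
}

int main(void)
{
    unsigned char wire[KEY_LEN + 1], key[KEY_LEN]; /* extra byte catches overlong input */
    size_t n = fread(wire, 1, sizeof wire, stdin);
    int rc = unmask_key(wire, n, key);
    /* on rc == 0 the vendor library call would go here (not shown in the post) */
    wipe(key, sizeof key);
    wipe(wire, sizeof wire);
    return rc == 0 ? 0 : 1;
}
```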
