Security: A very interesting security paper — Understanding Data
Lifetime via Whole System Simulation. It combines virtual machines
with data-flow tracking (a la perl’s ‘taint’ mechanism, after which this
site is named ;)
By modifying the Bochs VM to support tracking ‘tainted’ data, they
found several cases in popular apps (Mozilla, emacs, and MSIE) where
passwords entered from the keyboard are retained in memory, and thereby
wind up on disk due to swapping.
This has been a known issue for a long time — see the source for
passwd.c from the ’shadow’ package — but aside from security-naive
developers, several other factors have made it more complex recently:
- recent too-smart compilers will optimise away
memset()
- buffer-zeroing unless you’re careful (oops!)
- Input buffers and event queues are a problem; password data from the
keyboard will often persist in the kernel, window system, and
application event queue buffers.
- Abstractions cause many needless copies of tainted strings. Mozilla’s
abstraction layers even include a string-copy to the heap to perform a
string comparison operation, ouch ;)
In general, they suggest more use of buffer zeroing, even for low-level
buffers that might not seem to require it (such as the X server’s
event queue, and the kernel input buffers).
BTW, a similar system they didn’t mention is the Sidewinder
firewall appliance, which uses what they call ‘Type Enforcement’ –
effectively, tainting the data based on which network interface it arrived
on.
Overall, a very nifty paper. I wonder if Tal Garfinkel is related
to Simson? ;)
Oil: a MeFi gem:
expert opinion on depletion of the oil reserves. ‘Simmons, Campbell,
even the Iranian Bakhtiari agreed that the real situation of Saudi
reserves is very bad. … Not a rosy picture, even for optimists.’
Patents:
Transcript of the rms talk from a couple of weeks ago.
Tags: event, input, kernel, keyboard, mozilla, oil, paper, queue, security, system
