Re: [DNG] May I use Netaid source as an example of good code?

2021-09-19 Thread aitor

Hi,

On 19/9/21 10:31, aitor wrote:
_Note 4_: I've made a lot of improvements to the daemon (snetaid), but 
I still haven't pushed them to gitea. I'll let you know.


Done:

https://gitea.devuan.dev/aitor_czr/snetaid/src/branch/master 



Another clarification: the readme files aren't updated.

Cheers,

Aitor.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] May I use Netaid source as an example of good code?

2021-09-19 Thread aitor

Hi,

On 2/8/21 11:41, aitor wrote:

On 2/8/21 0:44, aitor wrote:
Better said, the suid binary can check whether or not the gui has 
handled the signal as expected because
the default behavior of SIGUSR1 (User defined signal 1) is to 
terminate the process. See the table at the

end of the link:

https://en.wikipedia.org/wiki/Signal_(IPC)#POSIX_signals 



I.e., when such an intruder is acting, the 
PSTAT_BINARY="SOMEWHERE_DEFINED_NAME" with process ID="PID"
no longer exists.


Here is the code:

https://www.gnuinos.org/suid/ 


** HOWTO: **

1) Install Jude Nelson's libpstat:

$ git clone https://github.com/jcnelson/libpstat.git
$ cd libpstat
$ make OS=LINUX
$ sudo make install PREFIX=/ INCLUDE_PREFIX=/usr


2) Open an empty directory and download the files:

$ wget https://www.gnuinos.org/suid/Makefile
$ wget https://www.gnuinos.org/suid/gui.c
$ wget https://www.gnuinos.org/suid/suid.c
$ wget https://www.gnuinos.org/suid/intruder.c


3) Install libgtk-3-dev:

$ sudo apt-get install libgtk-3-dev


4) Build the files:

$ make


5) Run the GUI from the command line and click on the button several times:

$ ./gui

You'll get:

From GUI: Received a 10 (SIGUSR1) signal sent from the suid
From SUID: Ok, go on!


6) Open a new tab in the terminal and run the intruder (the GUI 
remains running):


$ ./intruder

You'll get:

Foreign PID to use: 4301
From SUID: Stop, you're an intruder!

If you have a look at the code of both programs, they're trying to do 
the same thing (the intruder using a foreign pid).
Keep in mind that, for our testing purposes, all the binaries must be 
located in the same directory, since we're using:

key_t key = ftok(".", 's');

to access the same shared memory segment.

Cheers,

Aitor.



There is a better way to do all this, because it's possible to query 
the sender of the socket thanks to getsockopt(), doing something like this:

/* SO_PEERCRED is a SOL_SOCKET-level option; it fills a struct ucred
 * (pid, uid, gid) that the kernel recorded when the peer connected.
 * struct ucred needs _GNU_SOURCE defined before <sys/socket.h>. */
struct ucred cred;
socklen_t cred_size = sizeof(cred);
int rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_size);
if (rc == -1) {
    perror("getsockopt");
    return -1;
}
printf("client pid=%d uid=%d\n", (int)cred.pid, (int)cred.uid);

where fd is the file descriptor tied to the unix socket.

Once we know the pid of the process, libpstat will give us the full path 
to the binary running in the process, and afterwards we check whether or 
not it's included in the *white* list of allowed applications.


On the other hand, as simple-netaid is actually daemonized, it's 
possible to run all the stuff requiring root permissions through the 
service, so I decided to remove the suid binary, giving the shared 
library the CAP_KILL Linux capability instead [*], which will allow us 
to send signals to the daemon without requiring root permissions. Yes, 
to the shared library! Because doing it this way, we don't need to give 
capabilities to each application depending on it... [**] But I'll 
explain this point shortly in another thread headlined: "Hopman, 
Simple-netaid and Linux capabilities".

Cheers,

Aitor.

_Note 1_: giving suid permissions to an executable shared library 
doesn't take effect (and it wouldn't be recommended), but it's possible 
to give it Linux capabilities.

_Note 2_: keep in mind that the shared library sends the signal to the 
daemon, and then the daemon communicates with the running process 
through the socket, filtering possible intruders on the client side (the 
shared library cannot make use of libpstat before sending the signal to 
the daemon because it would require root permissions).


_Note 3_: the daemon uses select() to wait for netlink events, and it's 
possible to add more and more file descriptors to the poll via FD_SET(), 
keeping the daemon this way looking out for client sockets to 
communicate with, but I prefer to do things the other way around: the 
running process sends a signal to the daemon thanks to the capability of 
the shared library, sending afterwards the required arguments through 
the server socket, and waiting to be listened to by the client.
To finish, at this point I must admit that I've never had it clear which 
is the server and which the client (because I've seen everything!), but 
I hope you understand me :)

_Note 4_: I've made a lot of improvements to the daemon (snetaid), but I 
still haven't pushed them to gitea. I'll let you know.


[*] Look at line 82 in Makefile.am:

https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/src/Makefile.am 



[**] Now the shared library is executable:

https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/src/entry.c 







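The getsockopt() idea above, written out as a complete program. This is an added example, not code from simple-netaid, libnetaid or libpstat: it assumes Linux (SO_PEERCRED and struct ucred are Linux-specific), resolves the peer's binary itself through /proc/<pid>/exe instead of calling libpstat, and uses a hypothetical allow-list path "/usr/bin/intruder-that-is-not-us" plus a socketpair() so that it runs without a daemon. The point it shows: the pid, uid and gid come from the kernel, recorded when the peer connected, so unlike a PID written into a shared memory segment the client cannot choose them.

```c
/* peer_check.c: verify who is on the other end of an AF_UNIX socket.
 * Added example; not part of simple-netaid. Build: cc -Wall peer_check.c
 */
#define _GNU_SOURCE             /* struct ucred in <sys/socket.h> (Linux) */
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel for the credentials of the peer of a connected AF_UNIX
 * socket. They were recorded at connect()/socketpair() time, so the client
 * cannot forge them the way it could forge a PID written into shared memory. */
int peer_creds(int fd, struct ucred *out)
{
    socklen_t len = sizeof(*out);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) == -1) {
        perror("getsockopt(SO_PEERCRED)");
        return -1;
    }
    return 0;
}

/* Resolve the executable behind a PID through /proc/<pid>/exe (what libpstat
 * does for us in the real project). A root daemon may read it for any process. */
int exe_of_pid(pid_t pid, char *buf, size_t buflen)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/%ld/exe", (long)pid);
    ssize_t n = readlink(link, buf, buflen - 1);
    if (n < 0) {
        perror("readlink");
        return -1;
    }
    buf[n] = '\0';
    return 0;
}

/* Returns 1 when the peer runs as want_uid and its executable is one of the
 * allow-listed absolute paths (NULL-terminated array), otherwise 0. */
int peer_allowed(int fd, uid_t want_uid, const char *const *allowlist)
{
    struct ucred uc;
    char exe[PATH_MAX];

    if (peer_creds(fd, &uc) == -1 || uc.uid != want_uid)
        return 0;               /* uid is kernel-asserted, check it first */
    if (exe_of_pid(uc.pid, exe, sizeof exe) == -1)
        return 0;               /* peer already gone or unreadable: refuse */
    for (const char *const *p = allowlist; *p; ++p)
        if (strcmp(exe, *p) == 0)
            return 1;
    return 0;
}

/* Self-contained demo: a socketpair() makes this process its own peer, so
 * the allow-list decision can be exercised without a daemon or a GUI. */
int demo(int allow_self)
{
    int sv[2];
    char self[PATH_MAX];
    const char *list_self[] = { self, NULL };
    /* hypothetical path, constructed for the example */
    const char *list_other[] = { "/usr/bin/intruder-that-is-not-us", NULL };
    int verdict;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    if (exe_of_pid(getpid(), self, sizeof self) == -1)
        return -1;
    verdict = peer_allowed(sv[0], getuid(), allow_self ? list_self : list_other);
    close(sv[0]);
    close(sv[1]);
    return verdict;             /* 1 = "Ok, go on!", 0 = "Stop, you're an intruder!" */
}

int main(void)
{
    printf("own binary on the list: %s\n", demo(1) == 1 ? "Ok, go on!" : "rejected");
    printf("own binary not listed:  %s\n", demo(0) == 1 ? "accepted" : "Stop, you're an intruder!");
    return 0;
}
```

Two caveats a deployment should keep in mind. First, there is still a window between reading the pid and reading /proc/<pid>/exe in which the peer can exit and the pid be reused, and /proc/<pid>/exe carries a " (deleted)" suffix when the binary has been replaced on disk; refusing on any readlink failure, as above, is the conservative choice, and on kernels that provide SO_PEERPIDFD the pid can be pinned with a pidfd instead. Second, comparing paths only helps if the allow-listed binaries live in root-owned directories, otherwise the uid check is doing all the work.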


Re: [DNG] May I use Netaid source as an example of good code?

2021-08-02 Thread aitor

Hi,

On 2/8/21 0:44, aitor wrote:
Better said, the suid binary can check whether or not the gui has 
handled the signal as expected because
the default behavior of SIGUSR1 (User defined signal 1) is to 
terminate the process. See the table at the

end of the link:

https://en.wikipedia.org/wiki/Signal_(IPC)#POSIX_signals 



I.e., when such an intruder is acting, the 
PSTAT_BINARY="SOMEWHERE_DEFINED_NAME" with process ID="PID"
no longer exists.


Here is the code:

https://www.gnuinos.org/suid/ 


** HOWTO: **

1) Install Jude Nelson's libpstat:

$ git clone https://github.com/jcnelson/libpstat.git
$ cd libpstat
$ make OS=LINUX
$ sudo make install PREFIX=/ INCLUDE_PREFIX=/usr


2) Open an empty directory and download the files:

$ wget https://www.gnuinos.org/suid/Makefile
$ wget https://www.gnuinos.org/suid/gui.c
$ wget https://www.gnuinos.org/suid/suid.c
$ wget https://www.gnuinos.org/suid/intruder.c


3) Install libgtk-3-dev:

$ sudo apt-get install libgtk-3-dev


4) Build the files:

$ make


5) Run the GUI from the command line and click on the button several times:

$ ./gui

You'll get:

From GUI: Received a 10 (SIGUSR1) signal sent from the suid
From SUID: Ok, go on!


6) Open a new tab in the terminal and run the intruder (the GUI 
remains running):


$ ./intruder

You'll get:

Foreign PID to use: 4301
From SUID: Stop, you're an intruder!

If you have a look at the code of both programs, they're trying to do 
the same thing (the intruder using a foreign pid).
Keep in mind that, for our testing purposes, all the binaries must be 
located in the same directory, since we're using:

key_t key = ftok(".", 's');

to access the same shared memory segment.

Cheers,

Aitor.







Re: [DNG] May I use Netaid source as an example of good code?

2021-08-01 Thread aitor

On 2/8/21 0:41, aitor wrote:


Hi,

On 1/8/21 19:20, aitor wrote:
After that, the suid binary can check _whether or not_ the emitted 
signal has been received. If yes, both
the gui and the suid will communicate with each other through a unix 
socket or a fifo to know what to do.
Better said, the suid binary can check whether or not the gui has 
handled the signal as expected because
the default behavior of SIGUSR1 (User defined signal 1) is to 
terminate the process. See the table at the

end of the link:

https://en.wikipedia.org/wiki/Signal_(IPC)#POSIX_signals 



I.e., when such an intruder is acting, the 
PSTAT_BINARY="SOMEWHERE_DEFINED_NAME" with process ID="PID"
no longer exists.

Aitor.


Sorry for the "Re: [DNG] [SPAM] Re: ... " in the subject :(

Aitor.




Re: [DNG] May I use Netaid source as an example of good code?

2021-08-01 Thread aitor

Hi again,

On 1/8/21 19:20, aitor wrote:


Hi Arnt,

On 1/8/21 17:59, Arnt Karlsen wrote:

I'm looking for a safer way to run the binary with suid permissions
using the shared memory of the system to send a signal.

Some time ago somebody told me: "you can do nothing from your binary that
I can't do externally from another binary".

So, am i wasting time?

..nope.


Good :)



Today I've been testing the idea and it's working for me. I'd like to
prepare an example and share it with all of you to resolve
vulnerabilities. The example consists of a window with a button (to
run the suid binary) and another binary -the intruder- located in the
same directory and trying to do the same by using the other party's
PID pretending to be the window.

..you're being too damned naive: Why would the intruder not try to
e.g. use your PID?


?

Yes, the intruder would, of course. And that's what I'm trying to 
avoid. The logic is as follows:


Let's assume the intruder sends our PID. The suid binary receives 
the PID and extracts
the corresponding binary name afterwards. There are other ways, but 
I'll use Jude Nelson's libpstat for that.

If this name -say PSTAT_BINARY- doesn't match the name of our 
application, then the suid binary will do nothing. For instance:

if (PSTAT_BINARY == $current_working_dir/app_name) {
    continue;
} else {
    do nothing;
}

Now, you're thinking: "The gui application is already running with the 
above PID. So, the suid binary will go ahead!"

And here is the key point: the suid binary sends a SIGUSR1 signal to 
the gui application. But the signal handler associated with this SIGUSR1 
is activated within the callback function of the button responsible for 
running the suid binary, and its default signal handling behavior is 
triggered again as soon as the suid binary has been executed. Hence, it 
does not react to the SIGUSR1 signal events unless the user clicks again 
on the button.


gboolean button_callback ()
{
  /*
    ... run the suid binary asynchronously, going ahead...
   */

  /* install the signal handler in order to receive the SIGUSR1
     signal emitted by the suid binary */
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = signal_handler;   /* the handler defined below */
  sa.sa_flags = SA_RESTART;         /* no SA_SIGINFO: that flag selects sa_sigaction, not sa_handler */
  sigemptyset(&sa.sa_mask);
  sigaction(SIGUSR1, &sa, 0);

  return FALSE;                     /* let the event propagate */
}

Now, the signal handler will react:

void signal_handler (int signum)
{
  (void)signum;

  /* note: gtk_main_level() and exit() are not async-signal-safe; the
     strictly safe shape is to set a flag here and act in the main loop */
  if (gtk_main_level() == 0) exit(-1);

  /*
    ... here goes the socket ...
   */

  /*   Set to default !!  */
  signal(SIGUSR1, SIG_DFL);
}

After that, the suid binary can check _whether or not_ the emitted 
signal has been received. If yes, both
the gui and the suid will communicate with each other through a unix socket 
or a fifo to know what to do.


Finally, the suid binary parses the received arguments.

Does it make sense? If not, i may stop here.

Thanks in advance,

Aitor.



The PID of the process is emitted via shmget():

https://www.csl.mtu.edu/cs4411.ck/www/NOTES/signal/kill.html 



The idea might have weak points, but it's better than nothing.

Aitor.


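The handshake described in this message, as an added example that is not part of the original post or of simple-netaid: both sides are collapsed into one program with fork(), so the "privileged" parent can read the outcome from waitpid() instead of checking afterwards whether the PID still exists. The child plays the GUI: with armed == 1 it installs the SIGUSR1 handler the way the button callback does, with armed == 0 it does not, and the parent reports whether the signal was handled or killed the process. The handler only sets a flag; the socket work the post puts inside the handler belongs in the main loop, because socket calls and exit() are not async-signal-safe.

```c
/* ack_probe.c: the SIGUSR1 "did the client really arm its handler" test.
 * Added example; not part of simple-netaid. Build: cc -Wall ack_probe.c
 */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_ERROR = -1, PROBE_HANDLED = 1, PROBE_TERMINATED = 2 };

static volatile sig_atomic_t got_usr1;

static void on_usr1(int sig)
{
    (void)sig;
    got_usr1 = 1;               /* only async-signal-safe work in here */
}

/* The "GUI" side, run in a forked child. With armed == 1 it installs the
 * handler like the button callback does; with armed == 0 SIGUSR1 keeps its
 * default action, which terminates the process. */
static int gui_side(int armed)
{
    sigset_t none;
    struct sigaction sa;

    if (armed) {
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = on_usr1;
        sa.sa_flags = SA_RESTART;
        sigemptyset(&sa.sa_mask);
        if (sigaction(SIGUSR1, &sa, NULL) == -1)
            return 2;
    }

    /* SIGUSR1 was blocked before fork(), so it can only be pending here;
     * sigsuspend() atomically unblocks it and waits for delivery. */
    sigemptyset(&none);
    sigsuspend(&none);          /* returns only after a handler ran */

    /* mirror the original design: back to the default action afterwards */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_DFL;
    sigaction(SIGUSR1, &sa, NULL);

    return got_usr1 ? 0 : 3;
}

/* The privileged side: send SIGUSR1 to the claimed PID and learn from
 * waitpid() whether the process handled it or was killed by it. */
int probe_client(int armed)
{
    sigset_t block, saved;
    int status;
    pid_t pid;

    /* Block SIGUSR1 so the child inherits it blocked: the signal then cannot
     * arrive before the child has decided whether to arm its handler. */
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    if (sigprocmask(SIG_BLOCK, &block, &saved) == -1)
        return PROBE_ERROR;

    pid = fork();
    if (pid == -1) {
        sigprocmask(SIG_SETMASK, &saved, NULL);
        return PROBE_ERROR;
    }
    if (pid == 0)
        _exit(gui_side(armed));

    sigprocmask(SIG_SETMASK, &saved, NULL);

    if (kill(pid, SIGUSR1) == -1) {      /* ESRCH: the claimed PID is gone */
        waitpid(pid, &status, 0);
        return PROBE_ERROR;
    }
    if (waitpid(pid, &status, 0) == -1)
        return PROBE_ERROR;

    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return PROBE_HANDLED;           /* "Ok, go on!" */
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGUSR1)
        return PROBE_TERMINATED;        /* nobody was listening for the signal */
    return PROBE_ERROR;
}

int main(void)
{
    printf("handler armed:   %s\n",
           probe_client(1) == PROBE_HANDLED ? "handled, go on" : "unexpected");
    printf("handler missing: %s\n",
           probe_client(0) == PROBE_TERMINATED ? "terminated by SIGUSR1" : "unexpected");
    return 0;
}
```

Note what this test does and does not prove: surviving SIGUSR1 shows that the process at that PID had a handler installed at that moment, which is the liveness check the post relies on, but any process can install its own SIGUSR1 handler, so the probe only makes sense together with the binary-name check on the other end of the socket.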


Re: [DNG] May I use Netaid source as an example of good code?

2021-08-01 Thread Arnt Karlsen
On Sun, 1 Aug 2021 12:41:58 +0200, aitor wrote in message:

> Hi,
> 
> On 1/8/21 1:39, aitor wrote:
> > I'm looking for a safer way to run the binary with suid permissions 
> > using the shared memory of the system to send a signal.  
> 
> Some time ago somebody told me: "you can do nothing from your binary that
> I can't do externally from another binary".
> 
> So, am i wasting time?

..nope.

> 
> Today i've been testing the idea and it's working for me. I'd like to 
> prepare an example and share with all of you to resolve
> vulnerabilities. The example consists of a window with a button (to
> run the suid binary) and another binary -the intruder- located in the
> same directory and trying to do the same by using the other party's
> PID pretending to be the window.

..you're being too damned naive: Why would the intruder not try to
e.g. use your PID?

> The result is a segmentation fault.

..which I would argue is good, unless you are trying to set up some
sort of honey trap. 
For a public etc service, log what you need and restart that service.

> I insist on trying to find the safest approach to run the suid binary 
> because this is important not only for simple-netaid, but also for
> hopman, which will require granted permissions for running the
> *eject* command or the like (among others?).
> 
> Cheers,
> 
> Aitor.

..that eject command Can be used with a CD player to push a 
reset or power switch button. ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] May I use Netaid source as an example of good code?

2021-08-01 Thread aitor

Hi,

On 1/8/21 1:39, aitor wrote:
I'm looking for a safer way to run the binary with suid permissions 
using the shared memory of the system to send a signal.


Some time ago somebody told me: "you can do nothing from your binary that I 
can't do externally from another binary".


So, am i wasting time?

Today I've been testing the idea and it's working for me. I'd like to 
prepare an example and share it with all of you to resolve vulnerabilities.
The example consists of a window with a button (to run the suid binary) 
and another binary -the intruder- located in the same directory
and trying to do the same by using the other party's PID pretending to 
be the window. The result is a segmentation fault.


I insist on trying to find the safest approach to run the suid binary 
because this is important not only for simple-netaid, but also for hopman,
which will require granted permissions for running the *eject* command 
or the like (among others?).


Cheers,

Aitor.





Re: [DNG] May I use Netaid source as an example of good code?

2021-07-31 Thread Steve Litt
aitor said on Sun, 1 Aug 2021 01:41:27 +0200

>On 1/8/21 1:39, aitor wrote:
>>
>> I'll write a post tomorrow in the mailing list talking about this
>> point.
>>
>> Cheers, time to bed :)
>>  
>Oops, I thought it was a private mail, no worries... :)

Aitor, in the many years I've known you, I've never seen you post
anything that the whole world couldn't know. You're just a genuine nice
guy who sees the best in people.

SteveT

Steve Litt 
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques


Re: [DNG] May I use Netaid source as an example of good code?

2021-07-31 Thread aitor

On 1/8/21 1:39, aitor wrote:


I'll write a post tomorrow in the mailing list talking about this point.

Cheers, time to bed :)


Oops, I thought it was a private mail, no worries... :)




Re: [DNG] May I use Netaid source as an example of good code?

2021-07-31 Thread aitor

Hi again,

On 1/8/21 1:35, aitor wrote:

On 1/8/21 1:26, Steve Litt wrote:

Hi Aitor,

In my presentation this coming Wednesday night, I'd like to use your
source code at
https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/backend_src/
as an example of good code? Highly cohesive, low coupling, most
functions fit on the screen, most source files less than 300 lines. I'd
really like to use it as an example of good code.

Thanks,

SteveT


Of course Steve, it would give me great pleasure ;~)

I'm looking for a safer way to run the binary with suid permissions 
using the shared memory of the system to send a signal.


I'll write a post tomorrow in the mailing list talking about this point.

Cheers, time to bed :)

Aitor.




Re: [DNG] May I use Netaid source as an example of good code?

2021-07-31 Thread aitor

Hi,

On 1/8/21 1:26, Steve Litt wrote:

Hi Aitor,

In my presentation this coming Wednesday night, I'd like to use your
source code at
https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/backend_src/
as an example of good code? Highly cohesive, low coupling, most
functions fit on the screen, most source files less than 300 lines. I'd
really like to use it as an example of good code.

Thanks,

SteveT


Of course Steve, it would give me great pleasure ;~)

Aitor.





[DNG] May I use Netaid source as an example of good code?

2021-07-31 Thread Steve Litt
Hi Aitor,

In my presentation this coming Wednesday night, I'd like to use your
source code at
https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/backend_src/
as an example of good code? Highly cohesive, low coupling, most
functions fit on the screen, most source files less than 300 lines. I'd
really like to use it as an example of good code.

Thanks,

SteveT

Steve Litt 
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques