| |
| 开源安全漏洞导致众多计算机系统面临威胁 |
|
| 来源:
Linux论坛
日期:
2008.05.21 17:33 (共有条评论) 我要评论 |
| |
原文地址:http://www.technologyreview.com/Infotech/20801/
近日,安全研究机构公布了Debian Linux操作系统发行套件中的两个重要漏洞,由于Ubuntu是基于Debian开发,因此也无法幸免.
研究人员称这一漏洞被“严重地低估”,它可以让上述两个Linux系统通过Secure Sockets Layer (SSL)被运行恶意代码.
这一漏洞还具有泄密特性,在在线交易时可能会被攻击者伪造密钥.并且这一问题已经存在了两年时间而没有得到妥善解决.
其实我们在这里并不是想重复这条就新闻,虽然这个漏洞和补丁内容已经在5.13号发布了,但是有多少系统管理员立即引起注意并且进行了安全防护。是不是在漏洞被公布之前就已经被恶意利用那个了,因为这个安全程序保证了全球数以万计的安全主机和用户进行交流,比如银行、保险等。
就算这样,那么还有多少这样的漏洞存在于开源软件系统中,没有暴露出来?就像前几天新闻里说的,BSD系统中也存在这一个漏洞,在和Samba系统交互的时候会出现非常严重的安全bug,这些是不是一个警示?
一个程序员偶尔犯下的小错误会不会导致一个巨大的灾难?
Back in May 2006, a few programmers working on an open-sourcesecurity project made a whopper of a mistake. Last week, the fullimpact of that mistake was just beginning to dawn on securityprofessionals around the world.
In technical terms, a programming error reduced the amount ofentropy used to create the cryptographic keys in a piece of code calledthe OpenSSL library, which is used by programs like the Apache Webserver, the SSH remote access program, the IPsec Virtual PrivateNetwork (VPN), secure e-mail programs, some software used foranonymously accessing the Internet, and so on.
In plainer language: after a week of analysis, we now know that twochanged lines of code have created profound security vulnerabilities inat least four different open-source operating systems, 25 differentapplication programs, and millions of individual computer systems onthe Internet. And even though the vulnerability was discovered on May13 and a patch has been distributed, installing the patch doesn'trepair the damage to the compromised systems. What's even more alarmingis that some computers may be compromised even though they aren'trunning the suspect code.
The reason that the patch doesn't fix the problem has to do with thespecifics of the programmers' error. Modern computer systems employlarge numbers to generate the keys that are used to encrypt and decryptinformation sent over a network. Authorized users know the right key,so they don't have to guess it. Malevolent hackers don't know the rightkey. Normally, it would simply take too long to guess it by trying allpossible keys--like, hundreds of billions of years too long.
But the security of the system turns upside down if the computer canonly use a limited number of a million different keys. For theauthorized user, the key looks good--the data gets encrypted. But thebad guy's software can quickly make and then try all possible keys fora specific computer. The error introduced two years ago makescryptographic keys easy to guess.
The error doesn't give every computer the same cryptographickey--that would have been caught before now. Instead, it reduces thenumber of different keys that these Linux computers can generate to32,767 different keys, depending on the computer's processorarchitecture, the size of the key, and the key type.
Less than a day after the vulnerability was announced, computer hacker HD Moore of the Metasploit project released a set of "toys"forcracking the keys of these poor Linux and Ubuntu computer systems. Asof Sunday, Moore's website had downloadable files of precomputed keys,just to make it easier to identify vulnerable computer systems.
Unlike the common buffer overflow bug, which can be fixed by loadingnew software, keys created with the buggy software don't get betterwhen the computer is patched: instead, new keys have to be generatedand installed. Complicating the process is the fact that keys also needto be certified and distributed: the process is time consuming,complex, and error prone.
Nobody knows just how many systems are impacted by this problem,because cryptographic keys are portable: vulnerable keys could havebeen generated on a Debian system in one office and then installed on aserver running Windows in another. Debian is a favored Linuxdistribution of many security professionals, and Ubuntu is one of themost popular Linux distributions for general use, so the reach of theproblem could be quite widespread.
So how did the programmers make the mistake in the first place?Ironically, they were using an automated tool designed to catch thekinds of programming bugs that lead to security vulnerabilities. Thetool, called Valgrind,discovered that the OpenSSL library was using a block of memory withoutinitializing the memory to a known state--for example, setting theblock's contents to be all zeros. Normally, it's a mistake to usememory without setting it to a known value. But in this case, thatunknown state was being intentionally used by the OpenSSL library tohelp generate randomness.
The uninitialized memory wasn't the only source of randomness:OpenSSL also gets randomness from sources like mouse movements,keystroke timings, the arrival of packets at the network interface, andeven microvariations in the speed of the computer's hard disk. But whenthe programmers saw the errors generated by Valgrind, they commentedout the offending lines--and removed all the sources of randomness usedto generate keys except for one, an integer called the process ID thatcan range from 0 to 32,767.
"Never fix a bug you don't understand!" raved OpenSSL developer Ben Laurie on his blogafter the full extent of the error became known. Laurie blames theDebian developers for trying to fix the "bug" in the version of OpenSSLdistributed with the Debian and Ubuntu operating systems, rather thansending the fix to the OpenSSL developers. "Had Debian done this inthis case," he wrote, "we (the OpenSSL Team) would have fallen aboutlaughing, and once we had got our breath back, told them what aterrible idea this was. But no, it seems that every vendor wants to'add value' by getting in between the user of the software and itsauthor."
Perhaps more disconcerting, though, is what this story tells usabout the security of open-source software--and perhaps about thesecurity of software in general. One developer (who I've been asked notto single out) noticed a problem, proposed a fix, and got the fixapproved by a small number of people who didn't really understand theimplications of what was being suggested. The result: communicationsthat should have been cryptographically protected between millions ofcomputer systems all over the world weren't really protected at all.Two years ago, Steve Gibson, a highly respected security consultant,alleged that a significant bug found in some Microsoft software had more in common with a programmer trying to create an intentional "back door" than with yet another Microsoft coding error.
The Debian OpenSSL randomness error was almost certainly an innocentmistake. But what if a country like China or Russia wanted tointentionally introduce secret vulnerabilities into our open-sourcesoftware? Well concealed, such vulnerabilities might lay hidden foryears.
One thing is for sure: we should expect to discover more of these vulnerabilities as time goes on.
Simson Garfinkel is an associate professor at the navalpostgraduate school in Monterey, CA, and a fellow at the Center forResearch and Computation and Society at Harvard University.
|
| 发表评论
查看评论(共有条评论)
|
| |
|
|
|
