Skip to content

Archives

TaintBochs, and oil

Security: A very interesting security paper — Understanding Data Lifetime via Whole System Simulation. It combines virtual machines with data-flow tracking (a la perl’s ‘taint’ mechanism, after which this site is named ;)

By modifying the Bochs VM to support tracking ‘tainted’ data, they found several cases in popular apps (Mozilla, emacs, and MSIE) where passwords entered from the keyboard are retained in memory, and thereby wind up on disk due to swapping.

This has been a known issue for a long time — see the source for passwd.c from the ‘shadow’ package — but aside from security-naive developers, several other factors have made it more complex recently:

  • recent too-smart compilers will optimise away memset()
    • buffer-zeroing unless you’re careful (oops!)
      • Input buffers and event queues are a problem; password data from the keyboard will often persist in the kernel, window system, and application event queue buffers.
      • Abstractions cause many needless copies of tainted strings. Mozilla’s abstraction layers even include a string-copy to the heap to perform a string comparison operation, ouch ;)

In general, they suggest more use of buffer zeroing, even for low-level buffers that might not seem to require it (such as the X server’s event queue, and the kernel input buffers).

BTW, a similar system they didn’t mention is the Sidewinder firewall appliance, which uses what they call ‘Type Enforcement’ — effectively, tainting the data based on which network interface it arrived on.

Overall, a very nifty paper. I wonder if Tal Garfinkel is related to Simson? ;)

Oil: a MeFi gem: expert opinion on depletion of the oil reserves. ‘Simmons, Campbell, even the Iranian Bakhtiari agreed that the real situation of Saudi reserves is very bad. … Not a rosy picture, even for optimists.’

Patents: Transcript of the rms talk from a couple of weeks ago.