Question

Assume that we have two applications:

MasterApp

SlaveApp

MasterApp is executing SlaveApp with some arguments, e.g.: slaveapp --param1 100 param2 "hello"

You can't see that directly, but somebody may try to inspect arguments provided to slaveapp, and execute it from console.

I want slaveapp to become executable only by masterapp, so that the user can't run it in console mode (or as slave or another app). I was thinking about providing some unique_string and md5(unique_string + salt), but if somebody inspects the arguments he may understand what's going on. Is there some way to do it only by providing some unique, trusted argument that can't be used twice (and there is no resource sharing like files with private/public keys etc.)?


Solution

It is basically impossible to avoid replay attacks if your communication channel only goes master -> slave. Signing the request with a timestamp in it could help, but even that isn't perfect (especially if the attacker has some control of the clock).

The better strategy is to establish a two-way communication between master and slave. I'm not sure what language you're working in, but usually there's a way for the master to talk to the slave after it is forked, other than just the command line.

Using that channel, you can have the slave generate a random nonce, send that to the master, have the master sign it, send it back to the slave, and check the signature in the slave.
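The nonce exchange described in the answer above, as an added Ruby example that is not part of the original answer. It shows that an answer captured from the channel is useless for a second run. Assumptions: RSA with SHA-256 as the signature scheme, the hypothetical class names Master and Slave, a key pair generated on the fly for the demo with only the public half given to the slave, and the channel modelled as direct method calls instead of a pipe.

```ruby
require 'openssl'
require 'securerandom'

DIGEST = 'SHA256'

# Master side: holds the private key and signs whatever nonce the slave sends.
class Master
  attr_reader :public_pem

  def initialize
    @key = OpenSSL::PKey::RSA.new(2048)   # constructed demo key
    @public_pem = @key.public_key.to_pem  # assumption: only this half ships in the slave
  end

  def sign(nonce)
    @key.sign(OpenSSL::Digest.new(DIGEST), nonce).unpack1('H*')
  end
end

# Slave side: issues one random challenge and accepts one answer to it.
class Slave
  def initialize(trusted_public_pem)
    @pub = OpenSSL::PKey::RSA.new(trusted_public_pem)
    @pending = nil
  end

  # Step 1: fresh nonce, sent to the master over the two-way channel.
  def challenge
    @pending = SecureRandom.hex(32)
  end

  # Step 3: verify the master's signature over our own nonce, then burn the
  # nonce so the same answer cannot be presented a second time.
  def accept?(signature_hex)
    nonce, @pending = @pending, nil
    return false if nonce.nil?
    sig = [signature_hex.to_s].pack('H*')
    @pub.verify(OpenSSL::Digest.new(DIGEST), sig, nonce)
  rescue OpenSSL::PKey::PKeyError
    false
  end
end

# Runs the exchange once; returns the slave's verdict and the answer an
# observer of the channel would have captured.
def handshake(master, slave)
  answer = master.sign(slave.challenge)
  [slave.accept?(answer), answer]
end
```
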

OTHER TIPS

How about just encrypting the parameters passed with a pre-defined encryption key and including a check_string of some type (i.e. EPOCH time)? Then decode the parameters in slaveapp and verify the check_string (in this example that EPOCH time) is within a certain range or is a certain value.

Here is a simple Ruby example. It's in a single file, so you would need to modify it to handle command line arguments etc.

require 'openssl'
require 'digest'

# Sender side: encrypt the current EPOCH time.
c = OpenSSL::Cipher.new("aes-256-cbc")
c.encrypt
# your pass is what is used to encrypt/decrypt
# (SHA-256 yields the 32 raw bytes that AES-256 requires as a key)
c.key = key = Digest::SHA256.digest("1094whfiubf9qwer8y32908u3209fn2032")
c.iv = iv = c.random_iv
e = c.update("#{Time.now.to_i}")
e << c.final
# print the ciphertext as hex, since the raw bytes are not printable
puts "encrypted: #{e.unpack1('H*')}\n"


#sleep(15) #if you uncomment this the validation will fail.
# Receiver side: decrypt with the same key and IV, then check the time window.
c = OpenSSL::Cipher.new("aes-256-cbc")
c.decrypt
c.key = key
c.iv = iv
d = c.update(e)
d << c.final
if(Time.now.to_i - d.to_i < 10)
    puts "decrypted: #{d}\n"
    puts "Validated EPOCH Time"
else
    puts "Validation FAILED."
end

Make sure the slave app is owned by the same user the master app runs as, and make sure it's not world readable or executable.

Licensed under: CC-BY-SA with attribution