Question

Suppose we have two applications:

MasterApp

SlaveApp

MasterApp is running SlaveApp with some arguments, e.g.: slaveapp --param1 100 param2 "hello"

You can't see that directly, but someone could try to inspect the arguments given to slaveapp and run it from the console.

I want slaveapp to be executable only by masterapp, so that the user cannot run it in console mode (or as a slave of another application). I was thinking of providing some unique_string and md5(unique_string + salt), but someone who inspects the arguments could work out what is going on. Is there a way to do this just by providing a single unique argument, with confidence that it cannot be used twice (and with no sharing of resources such as files with private/public keys, etc.)?

Solution

It is basically impossible to avoid replay attacks if your communication channel only goes master -> slave. Signing the request with a timestamp in it could help, but even that isn't perfect (especially if the attacker has some control of the clock).

The better strategy is to establish a two-way communication between master and slave. I'm not sure what language you're working in, but usually there's a way for the master to talk to the slave after it is forked, other than just the command line.

Using that channel, you can have the slave generate a random nonce, send that to the master, have the master sign it, send it back to the slave, and check the signature in the slave.
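
The nonce exchange described in the answer above, as an added example that is not part of the original answer; Ruby is used only to match the snippet further down the page. It assumes both programs embed the same secret (`SHARED_KEY`, a constructed value), uses HMAC-SHA256 as the "signature", and uses a socket pair as a stand-in for the child's stdin/stdout; all function names are hypothetical.

```ruby
require 'openssl'
require 'securerandom'
require 'socket'

# Assumption: both programs embed the same secret; this value is constructed.
SHARED_KEY = 'constructed-demo-secret'

# HMAC-SHA256 over the nonce stands in for "signing" in this sketch.
def sign(nonce)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SHARED_KEY, nonce)
end

# Compare without returning early on the first differing byte.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Slave side: send a fresh random nonce, then verify the master's reply.
def slave_accepts?(io)
  nonce = SecureRandom.hex(32)
  io.puts(nonce)
  reply = io.gets.to_s.chomp
  secure_eq?(reply, sign(nonce))
end

# Master side: read the nonce and return its signature. `canned` lets the
# demo send a previously captured reply instead, to show a replay.
def master_answers(io, canned = nil)
  nonce = io.gets.to_s.chomp
  io.puts(canned || sign(nonce))
  nonce
end

# Wire both sides together over a socket pair (stand-in for the child's
# stdin/stdout). Returns [slave_verdict, nonce_seen_by_master].
def run_exchange(canned = nil)
  slave_io, master_io = UNIXSocket.pair
  master = Thread.new { master_answers(master_io, canned) }
  [slave_accepts?(slave_io), master.value]
ensure
  [slave_io, master_io].each { |s| s&.close }
end

if __FILE__ == $PROGRAM_NAME
  ok, nonce = run_exchange
  puts "fresh handshake accepted: #{ok}"
  puts "replayed reply accepted:  #{run_exchange(sign(nonce)).first}"
end
```

Because the slave picks a new nonce on every start, a reply captured from one run does not verify on the next, which is the replay resistance a one-way command line cannot give.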

Other tips

How about just encrypting the parameters passed with a pre-defined encryption key and including a check_string of some type (i.e. EPOCH time). Then decode the parameters in slaveapp and verify the check_string (in this example that EPOCH time) is within a certain range or is a certain value.

Here is a simple Ruby example; it's in a single file, so you would need to modify it to handle command line arguments etc.

require 'openssl'
require 'digest'

# --- master side: encrypt the current epoch time ---
c = OpenSSL::Cipher.new("aes-256-cbc")
c.encrypt
# your pass is what is used to encrypt/decrypt
# AES-256 needs a 32-byte key, so derive it with SHA-256 (raw bytes, not hex)
c.key = key = Digest::SHA256.digest("1094whfiubf9qwer8y32908u3209fn2032")
c.iv = iv = c.random_iv
e = c.update("#{Time.now.to_i}")
e << c.final
# the ciphertext is binary, so print it as hex
puts "encrypted: #{e.unpack1('H*')}\n"


# --- slave side: decrypt and check that the timestamp is recent ---
#sleep(15) #if you uncomment this the validation will fail.
c = OpenSSL::Cipher.new("aes-256-cbc")
c.decrypt
c.key = key
c.iv = iv
d = c.update(e)
d << c.final
if(Time.now.to_i - d.to_i < 10)
    puts "decrypted: #{d}\n"
    puts "Validated EPOCH Time"
else
    puts "Validation FAILED."
end

Make sure the slave app is owned by the same user the master app runs as, and make sure it's not world readable or executable.

Licensed under: CC-BY-SA with attribution