Part II: Do not let the vulnerability endanger the application security
Introduction: In this part of the security discussion, Todd Sundsted and we discussed application security issues. Minor errors in program development may have a big security issue to developers and users. Todd will show how to design and implement this most common security vulnerability, and describe how to avoid these issues. He also provided a vulnerability from Sun's own JDK.
most
Software developers can realize the threats of malicious or just curious hackers, but very little developers recognize how much affects the impact of them in unintentional vulnerabilities in the program. These vulnerabilities brought to the program undoubtedly, helping the so-called hackers.
In January this year, a German software developer confirmed that there was a vulnerability with a serious security hazard in the database InterBase in the recently developed source code product. The vulnerabilities in this Interbase version can even be traced back to 1994!
This back door that exists on the login name and password verification form is not intentionally. However, it is the problem of improper design in InterBase developers. This program uses naming and password verification to control the Interbase access database.
Although this error shows an extreme list, it is very important: as a developer, for our application's overall security, our design and code implementation are very critical. Also, as shown above, the vulnerability of the developer in the program may affect the user's reached the year.
·review
Last time, we discussed us to check three security issues. Although these problems are not the same, it often requires comprehensive considerations in three aspects. Developers of Java programs must understand them from these three aspects.
The security problem of the solution is important for its products.
Java and non-Java developers are familiar with such a most well-known security issue, that is, virtual machine security. This comes from a lot of attention for JVM and runtime environments. Virtual machine security includes JVM and providing a supported runtime environment. In the past few years, virtual machine security issues have been strengthened and have received good attention.
Recently, due to the smaller vulnerabilities in the JVM, most programming persons have been safely turned from Java virtual machines to applications running on them. And most Java programmers will significantly affect Java security at this level. In this regard, it is necessary to handle design decisions and unexpected problems that may occur in development. Of course, not all such vulnerabilities will endanger the application security. We will concentrate on the vulnerabilities that can hazard the procedures.
The last one's problem,
Network security issues, its network-based procedures and program components communication issues are a food tright point in security issues. Reproduction, not all the vulnerabilities introduced here will endanger security, we only pay attention to those who can endanger security.
Last time we discussed how virtual machine security issues and demonstrates how VM security can appear and destroy. Now, I will discuss the application security. Here, I raise a class that has a loophole to help you avoid such problems. I will include the List that is recently found in the SUN's code.
It is easy to list a list of various error designs and a list of implemented, which is only one of them. But I will define and describe a classification directory for most Java programs security weaknesses. This directory is mainly divided into two major blocks: "Relevant" and "Design Related" vulnerabilities.
· Implement related vulnerabilities:
Realization related vulnerabilities are usually brought into the program when implementing the code. This is usually caused by the code writing of the thick branches, which is not sufficient enough to understand the demand, and unskilled programming skills. Realization related vulnerabilities are often hidden due to insufficient tests and review. However, if the system is well design, you can correct these vulnerabilities without changing the design:
· Timing question:
The most harmful timing problem is the problem of resource competition. Such a problem occurs when two threads that have not been properly synchronized simultaneously compete for the same resource. In these two mutually affected threads or in unminerable, invalid states, or when the malicious code is used by another thread, the security vulnerability will appear when it is not protected by another thread. . The usual solution is simple plus synchronous measures. · Insufficient input check:
The input of the system must be inspected before use. Although some inputs come from trust sources, all of these inputs should be seen as untrusted, hazardous sources for security considerations. Infine inspections may bring a lot of serious security weaknesses.
· Improper random:
A good encryption system requires a high quality random number generator. A large amount of security vulnerability in Netscape Navigator is directly from inappropriate random number generators. The effective key generated by the random number generator does not meet the length of the proposed, and the result is easy to be crack.
· Design defects:
The security issues derived from the implementation are very bad, but the worst case is due to the long-term consideration of the design, the understanding of the language and the library is not sufficient. This vulnerability usually makes the program logic unclear, it must take a lot of time and patience to go to it, even if this will be very difficult. The interbase vulnerability mentioned above is an excellent list.
· Initialization problem:
Everyone knows "new" operation is not the only way to create new columns. Methods like clones can also create new columns. You can create a list of unconventional methods to make a chaos.
· Society and scalability issues:
Visibility (class or whether its member is public or private), the scalability (subclass can inherit a class or method) provides a very important tool for software developers. However, this will also cause some subtle vulnerabilities if not used.
In the subclass of the subclass, a subclass can change the convention and definition of inheritance. The expansion code uses some own agreement to destroy the program security. The solution is to use the "Final" keyword reasonably to prevent subclasses from being redefined.
Similarly, you can use the keyword "private" to prevent the class internal process and status from being modified, it may expose the interior details of the class to the category that is then added to the package.
· Never place "back door":
Interbase design gives us such a list. You can't have any back door code in the program. These codes are usually a form that is located at the password checksum and encrypted data. This is not obstacted for a stubborn hacker. Once the back door is cracked, "Pandora's Magic Box" is open.
· Sun himself will make mistakes:
I respect Sun's engineer. However, although they are all very talented people, it is still like you.
On February 23, Sun announced that it found a vulnerability in JDK. Below is their statement:
"Vulnerabilities in some Java runtime versions may allow malicious Java code to perform unauthorized commands. However, malicious command code must have obtained the authorization of code execution."
If this code is given to at least one executable command (such as Echo) in some environment, this vulnerability will allow the Java code that is not trusted to activate any executable commands (such as formatting format). Such errors are likely to hide for a long time without being discovered.
Let's take a look at the specific code: This vulnerability is located in the EXEC () method in the java.lang.Runtime class:
Public process exec (String [] ArstringCommand, String [] ARSTRINGENVIRONMENT)
Throws oException
{
// EnSure That The Array Parameters Aren't Null, Their Elements
// aren't null, etc ..
.
.
// do some stuff.
.
.
.
// Get The security manager.
SecurityManager securityManager = system.getsecuritymanager ();
// Check the first element of the commit array - Which should
// be the name of the executable to invoke. Ensure That It HAS
// Executable Privilege.
IF (SecurityManager! = NULL)
SecurityManager.Checkexec (ArstringCommand [0]);
// Now, Invoke the executable.
Return EXECINTERNAL (ARSTRINGCOMMAND, ARSTRINGENVIRONMENT);
}
Did you see the problem?
This error is located in the last three rows (except for comments and spaces). First, the security manager checks the executive name to see if it is executed in the configuration file. Next, the code executes the command. Ouch! In a multi-threaded environment, the parameter array content can be changed between these two steps. Since these two input parameter arrays are used directly, the caller is still grasping their reference and can modify their content.
Correct: Immediately copy the input array and operate in the copy.
· Back to the best exercise:
Through vintage software development exercises, you can find a lot of vulnerabilities that lead to security issues. Clear demand, strict design verification, complete code verification, and through detailed testing can dig out a lot of vulnerabilities and further improve software overall quality.
