Help-Site Computer Manuals
Software
Hardware
Programming
Networking
  Algorithms & Data Structures   Programming Languages   Revision Control
  Protocols
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac

Safe::Logs
Perl extension to avoid terminal emulator vulnerabilities

Safe::Logs - Perl extension to avoid terminal emulator vulnerabilities



NAME

Safe::Logs - Perl extension to avoid terminal emulator vulnerabilities


SYNOPSIS


  use Safe::Logs;               # Always override warn() and die()

  use Safe::Logs qw(:all);      # override eveything this module knows

  use Safe::Logs qw(:Carp);     # Only override Carp:: methods

  use Safe::Logs qw(:Syslog);   # Only override syslog()

  use Safe::Logs qw(protect);   # protect() for use on your own

                                # Or combine a few

  use Safe::Logs qw(:Syslog :Carp);


DESCRIPTION

As shown by the people at Digital Defense, there are a number of vulnerabilities that can be remotely exploited in the terminal emulators that are so common today. These vulnerabilities might allow an attacker to execute arbitrary commands by a number of methods. The easiest one, illustrated on http://www.digitaldefense.net/labs/papers/Termulation.txt shows how to compromise a remote host by sending carefully chosen requests that end up in log files. It is then a matter of time for an innocent command such as


    tail -f poisoned.log

To wreak havoc in your system.

You must use this module as the last in the list so that it can override the methods exported from other modules.

This module is a quick solution for this vulnerability. What it does is very simple: It replaces ocurrences of the ESC character in the output of any common logging mechanism such as use warnings, warn, use Carp and die.

It does so by overriding the functions with a safer alternative so that no code needs to be changed. Hopefully this will be followed by better solutions from other Perl developers.

Note that in order for this protection to be effective, this module must be used as the last module (ie, after all the modules it can override) in order for proper method replacement to occur.

The protection can also be invoked by the protect method, which takes a list of arguments and returns the same list, with all ESC characters safely replaced. This method is provided so that you can call it by yourself.

Tipically, you will want to issue an use Safe::Logs qw(:all) after the last module is used in your code, to automatically benefit from the most common level of protection agains the attacks describen in the paper.

The list of methods or functions that this module replaces are as follows.

CORE::warn
The standard Perl warn().

CORE::die
The standard Perl die().

Carp::carp
Carp::croak
Carp::confess
Carp::cluck
All the methods from Carp are overridden by this module.

Sys::Syslog
Unix::Syslog
The known and common syslog() calls are automatically overridden by this module.

warnings::warn
warnings::warnif
Calls from warnings:: are automatically overridden by this module.

EXPORT

Many. The methods are exported or overridden according to this


  main::warn()          -       Always overridden

  main::die()           -       Always overridden

  warnings::warn()      -       Always overridden

  warnings::warnif()    -       Always overridden

  Carp::croak()         -       Only exported with :Carp or :all

  Carp::carp()          -       Only exported with :Carp or :all

  Carp::confess()       -       Only exported with :Carp or :all

  Carp::cluck()         -       Only exported with :Carp or :all

  main::syslog()        -       Only exported with :Syslog or :all

  protect()             -       Only exported with 'protect' or :all


HISTORY

  1. 01
  2. Original version; created by h2xs 1.2 with options
    
      -ACOXcfkn
    
            Safe::Logs
    
            -v
    
            0.01


AUTHOR

Luis E. Muņoz <luismunoz@cpan.org>


SEE ALSO

perl(1), Carp(3), warnings(3), Sys::Syslog(3), Unix::Syslog(3), Termulation.txt.

Programminig
Wy
Wy
yW
Wy
Programming
Wy
Wy
Wy
Wy