Basic question about sockets and security
Steve Holden
steve at holdenweb.com
Mon May 7 07:28:00 EDT 2007
Dave Dean wrote:
> Hi all,
> I'm just starting out in sockets/network programming, and I have a very
> basic question...what are the 'security' implications of opening up a
> socket? For example, suppose I've written a simple chat server and chat
> client. The server opens a socket, listens on a port, and accepts incoming
> connections. The clients open a socket and connect to the server. If the
> server receives a message from a client, it sends that message out to every
> client. When a client receives a message, it places it in a text widget.
> So...are there inherent dangers in doing this? I have no real security
> concern in the actual application, but can an open socket somehow allow
> someone access to the rest of the computer? Is the 'security' of the socket
> handled at the OS level (or within the socket module)?
> I realize this isn't necessarily a Python question, but I wrote my
> application in Python and I'm not sure where to start. I'll repost this
> elsewhere if someone points me towards a more relevant group.
It's something that all Python network newbies would like to know about
(and OUGHT to know about), so it's a valid question.
Essentially all opening a server socket does is to allow anyone who can
connect to send data to your process. The difficulties usually begin
when your process doesn't handle it in a secure way.
Typically in a language like C this will involve failing to check its
length, thereby allowing a malicious user to send an over-length input
and (since local variables in CC are held on the stack) overwriting
crucial data like function return addresses.
Such exploits can be used to inject code into your process and have it
run. Since server processes often run at a high level of privilege, so
does the exploit code.
Another way you can introduce vulnerabilities into your code is to craft
inputs that, when incorporated into system calls, maliciously change the
intent of your code. So suppose you had a command to allow a user to
ping another computer, you might do (something like)
os.system("ping "+address)
where the address is what the user types in. However, if the user types
in something like
192.168.12.13 ; rm /etc/passwd
then your call becomes
os.system("ping 192.168.12.13; rm /etc/passwd")
and executes two shell statements, the second of which is rather
destructive.
So, as long as you aren't passing any user data to the operating system
in any way shape or form you are probably in reasonably good shape. But
this is easier to do than you might imagine, and you always need to ask
yourself what the downside potential of malicious inputs might be.
Python's libraries are well written by and large, and the language
itself checks the bounds of all data structure accesses, making buffer
overflow exploits of the type I described much less of a risk, but the
OS vulnerabilities still remain for you to avoid by careful coding.
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
------------------ Asciimercial ---------------------
Get on the web: Blog, lens and tag your way to fame!!
holdenweb.blogspot.com squidoo.com/pythonology
tagged items: del.icio.us/steve.holden/python
All these services currently offer free registration!
-------------- Thank You for Reading ----------------
More information about the Python-list
mailing list