Basic question about sockets and security

Steve Holden steve at holdenweb.com
Mon May 7 07:28:00 EDT 2007 

Dave Dean wrote:
> Hi all,
>   I'm just starting out in sockets/network programming, and I have a very 
> basic question...what are the 'security' implications of opening up a 
> socket?  For example, suppose I've written a simple chat server and chat 
> client.  The server opens a socket, listens on a port, and accepts incoming 
> connections.  The clients open a socket and connect to the server.  If the 
> server receives a message from a client, it sends that message out to every 
> client.  When a client receives a message, it places it in a text widget.
>   So...are there inherent dangers in doing this?  I have no real security 
> concern in the actual application, but can an open socket somehow allow 
> someone access to the rest of the computer?  Is the 'security' of the socket 
> handled at the OS level (or within the socket module)?
>   I realize this isn't necessarily a Python question, but I wrote my 
> application in Python and I'm not sure where to start.  I'll repost this 
> elsewhere if someone points me towards a more relevant group.

It's something that all Python network newbies would like to know about 
(and OUGHT to know about), so it's a valid question.

Essentially all opening a server socket does is to allow anyone who can 
connect to send data to your process. The difficulties usually begin 
when your process doesn't handle it in a secure way.

Typically in a language like C this will involve failing to check its 
length, thereby allowing a malicious user to send an over-length input 
and (since local variables in CC are held on the stack) overwriting 
crucial data like function return addresses.

Such exploits can be used to inject code into your process and have it 
run. Since server processes often run at a high level of privilege, so 
does the exploit code.

Another way you can introduce vulnerabilities into your code is to craft 
inputs that, when incorporated into system calls, maliciously change the 
intent of your code. So suppose you had a command to allow a user to 
ping another computer, you might do (something like)

   os.system("ping "+address)

where the address is what the user types in. However, if the user types 
in something like

   192.168.12.13 ; rm /etc/passwd

then your call becomes

   os.system("ping 192.168.12.13; rm /etc/passwd")

and executes two shell statements, the second of which is rather 
destructive.

So, as long as you aren't passing any user data to the operating system 
in any way shape or form you are probably in reasonably good shape. But 
this is easier to do than you might imagine, and you always need to ask 
yourself what the downside potential of malicious inputs might be.

Python's libraries are well written by and large, and the language 
itself checks the bounds of all data structure accesses, making buffer 
overflow exploits of the type I described much less of a risk, but the 
OS vulnerabilities still remain for you to avoid by careful coding.

regards
  Steve
-- 
Steve Holden        +1 571 484 6266   +1 800 494 3119
Holden Web LLC/Ltd           http://www.holdenweb.com
Skype: holdenweb      http://del.icio.us/steve.holden
------------------ Asciimercial ---------------------
Get on the web: Blog, lens and tag your way to fame!!
holdenweb.blogspot.com        squidoo.com/pythonology
tagged items:         del.icio.us/steve.holden/python
All these services currently offer free registration!
-------------- Thank You for Reading ----------------

More information about the Python-list mailing list