
where did the cookies go?

Not always, but more frequently than never, I manage Firefox’s cookies by hand. Seeing what’s set, clearing out some I don’t like. Recently I discovered the button to do so in the Preferences dialog had disappeared from the Privacy tab.

Where did it go? It’s hiding under the history section. You have to change Firefox will: “Remember history” to “Use custom settings for history” and then the “Show Cookies...” button reappears. Because that totally makes sense. Just looking at cookies clearly requires that I also change to custom history settings.

Posted 2014-12-15 06:01:21 by tedu Updated: 2014-12-15 06:01:21
Tagged: rants software web

random in the wild

A bit of commentary for some selected examples from Theo’s random hunt. Mostly a post commit justification for the great posix violation.

Before we get to the fun parts, though, a bit of serious commentary. The rand and random functions are specified by C and POSIX, respectively, to have initial seeds of 1 and to be reseedable via srand and srandom. That has been interpreted to mean that the same seed must always produce the same sequence, but the actual guarantee is quite a bit weaker than that. The C standard says very little about the rand algorithm, and POSIX doesn’t add much except random must be “a non-linear additive feedback random-number generator”. The key point, however, is that there are many such generators, all of which produce different sequences even with identical seeds. Different operating systems are not guaranteed to produce the same sequence. In fact, repeated executions of the same program are not guaranteed to produce the same sequence. Each execution could pick different internal multipliers. Or a fully conforming implementation may well contain seed ^= getpid() at the top of srandom. Repeatable within the program, but not afterwards. The same sequence language only applies within the execution of a single process. Any program which depends on generating the same sequence with the same seed after multiple executions is in fact depending on undocumented, nonstandard, implementation specific behavior. Here’s a nickel, kid; get a better language lawyer.
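The way out of that dependency is to carry your own generator. The block below is an added example, not code from the post: it implements the linear congruential generator that the C standard prints as a sample rand(), seeds it the same way, and checks the sequence against itself. The struct and function names are this example's own. It is deterministic by construction, which is what a test fixture or replay tool wants; it is not a source of unpredictable numbers, which is what arc4random(3) is for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * A program-owned generator: the linear congruential generator the C
 * standard offers as a sample implementation of rand(). It is not a good
 * generator and must never be used where unpredictability matters (use
 * arc4random(3) for that). What it is, is fixed: the sequence a seed
 * produces is defined by this file, not by whichever libc the binary links
 * against, so it is safe to depend on across runs and across systems.
 */
struct prng {
	uint32_t state;
};

static void
prng_seed(struct prng *p, uint32_t seed)
{
	p->state = seed;
}

/* Returns a value in [0, 32767]; the arithmetic wraps mod 2^32 by design. */
static uint32_t
prng_next(struct prng *p)
{
	p->state = p->state * 1103515245u + 12345u;
	return (p->state / 65536u) % 32768u;
}

/* The n-th output (0-based) for a given seed. Seed 1 starts 16838, 5758, ... */
uint32_t
nth_from_seed(uint32_t seed, size_t n)
{
	struct prng p;
	uint32_t v = 0;

	prng_seed(&p, seed);
	for (size_t i = 0; i <= n; i++)
		v = prng_next(&p);
	return v;
}

/* 1 if two seeds yield identical sequences of length len, else 0. */
int
same_sequence(uint32_t seed_a, uint32_t seed_b, size_t len)
{
	struct prng a, b;

	prng_seed(&a, seed_a);
	prng_seed(&b, seed_b);
	for (size_t i = 0; i < len; i++)
		if (prng_next(&a) != prng_next(&b))
			return 0;
	return 1;
}

int
main(void)
{
	struct prng p;

	prng_seed(&p, 1);
	printf("portable, seed 1:");
	for (int i = 0; i < 5; i++)
		printf(" %u", prng_next(&p));
	printf("\n");

	/*
	 * libc's rand() with the same seed: whatever this prints is not a
	 * contract. It may differ between systems and even between runs.
	 */
	srand(1);
	printf("libc rand, seed 1:");
	for (int i = 0; i < 5; i++)
		printf(" %d", rand());
	printf("\n");
	return 0;
}
```

Running it next to libc's rand() is the whole demonstration: the first line is the same on every system that compiles this file, the second line is whatever your libc felt like doing.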

Continue reading random in the wild...

Posted 2014-12-09 12:40:46 by tedu Updated: 2014-12-10 02:38:13
Tagged: rants software

libc version 78

OpenBSD libc is now at version 78.0, featuring a good mix of features. Something old, something new, something different.

old

The setkey and encrypt functions were deleted. Traditionally, they implement the DES algorithm, however the standard doesn’t mandate any algorithm, meaning interoperability is not guaranteed. XOR would satisfy the requirement, for instance. It’s not really possible to use a much better algorithm, however, because the block size is fixed at 64 bits (expressed as an array of 64 bytes each holding a single bit, because that’s convenient), which rules out AES. Switching to blowfish just doesn’t seem worth it, given that the interface only supports a global key. The good news is that out of the ports tree, only one program used these functions. claws mail encrypts users’ passwords with the key “passkey0”. Hope that wasn’t a secret.

The cfree function was also removed. It was added long ago to be compatible with SunOS. SunOS is dead; so is the software written for it.

new

SipHash was added to libc. It’s been in the kernel for a little while, slowly replacing other ad hoc hash functions. It’s faster than algorithms like MD5 or SHA, but less predictable than simpler functions like add and shift or FNV due to the introduction of a random key. Although the round counts are variable, we’ve standardized on 2/4 as a good enough mix. Easily changed later if it becomes necessary, but we’d like to keep things fast so that SipHash24 becomes the go-to default hash function.

guenther@ added one more at syscall, chflagsat, which is like fchmodat, etc. Gotta have ‘em all.

different

deraadt@ decided that another fix for programs relying on bobo rand calls for randomness is to simply break the standard and give them what they’ve been hoping for all along.

Posted 2014-12-08 21:46:46 by tedu Updated: 2014-12-08 21:46:46
Tagged: openbsd

checking up on realloc efficiency

It’s been a few years since realloc was fixed but occasionally things change, so it’s good to check up on them to make sure there aren’t any regressions. In fact, at the time of the fix, I didn’t even have a complete test case. Now I do.

I wanted to verify two things. First, that separate malloc calls would be randomly spaced. We don’t want them getting all bunched up together or running consecutively in memory. Second, that realloc would be able to grow regions instead of continuously allocating new ones and copying data around.

The test consists of allocating an array of pointers, then randomly picking one pointer and growing it by a random amount.
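The test as described, written out as an added example rather than the post's own harness (the struct and function names are this example's assumptions): allocate nptrs regions, note how close consecutive ones landed, then repeatedly pick a slot and grow it, counting how often realloc could extend in place versus hand back a new pointer. The slot and size choices come from a small xorshift so a run is repeatable; nothing here needs unpredictability.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct growstats {
	size_t iterations;
	size_t inplace;     /* realloc grew the region where it was */
	size_t moved;       /* realloc handed back a new pointer (data copied) */
	size_t close_pairs; /* consecutive mallocs that landed within 256 bytes */
	size_t corrupted;   /* contents that did not survive a realloc (want 0) */
};

/* xorshift32: a tiny deterministic source for slot and size choices. */
static uint32_t
pick(uint32_t *s)
{
	uint32_t x = *s;

	x ^= x << 13; x ^= x >> 17; x ^= x << 5;
	return *s = x;
}

struct growstats
run_grow_test(size_t nptrs, size_t iterations, uint32_t seed)
{
	struct growstats st = { iterations, 0, 0, 0, 0 };
	unsigned char **p = calloc(nptrs, sizeof *p);
	size_t *sz = calloc(nptrs, sizeof *sz);

	if (p == NULL || sz == NULL || nptrs == 0)
		abort();
	if (seed == 0)
		seed = 1;	/* xorshift must not start at zero */

	for (size_t i = 0; i < nptrs; i++) {
		sz[i] = 16 + pick(&seed) % 48;
		if ((p[i] = malloc(sz[i])) == NULL)
			abort();
		memset(p[i], (int)(i & 0xff), sz[i]);	/* slot marker */
	}
	/* spacing: how many neighbours ended up almost back to back? */
	for (size_t i = 1; i < nptrs; i++) {
		uintptr_t a = (uintptr_t)p[i - 1], b = (uintptr_t)p[i];
		uintptr_t gap = a > b ? a - b : b - a;

		if (gap < 256)
			st.close_pairs++;
	}
	for (size_t n = 0; n < iterations; n++) {
		size_t i = pick(&seed) % nptrs;
		size_t newsz = sz[i] + 1 + pick(&seed) % 256;
		uintptr_t old = (uintptr_t)p[i];
		unsigned char *q = realloc(p[i], newsz);

		if (q == NULL)
			abort();
		if ((uintptr_t)q == old)
			st.inplace++;
		else
			st.moved++;
		/* the old contents must be intact wherever the region went */
		if (q[0] != (i & 0xff) || q[sz[i] - 1] != (i & 0xff))
			st.corrupted++;
		memset(q + sz[i], (int)(i & 0xff), newsz - sz[i]);
		p[i] = q;
		sz[i] = newsz;
	}
	for (size_t i = 0; i < nptrs; i++)
		free(p[i]);
	free(p);
	free(sz);
	return st;
}

/* Bookkeeping invariants that hold on any allocator. */
int
grow_test_ok(size_t nptrs, size_t iterations, uint32_t seed)
{
	struct growstats st = run_grow_test(nptrs, iterations, seed);

	return st.inplace + st.moved == st.iterations && st.corrupted == 0;
}

int
main(void)
{
	struct growstats st = run_grow_test(64, 2000, 1);

	printf("in place %zu, moved %zu, close pairs %zu/63, corrupted %zu\n",
	    st.inplace, st.moved, st.close_pairs, st.corrupted);
	return 0;
}
```

The in-place and close-pair counts are allocator specific, so the only things worth asserting are the invariants; the interesting numbers are what main prints when run against the libc under examination, and a sudden jump in moved is the regression the post is checking for.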

Continue reading checking up on realloc efficiency...

Posted 2014-12-04 01:13:28 by tedu Updated: 2014-12-04 07:13:09
Tagged: c openbsd programming

the long tail of MD5

Everybody knows that MD5 is as terribly useless as ROT13 and you should have switched to SHA3-512 like twenty years ago. But lots of usage sticks around, and will continue to stick around for a long time to come, leading to the long tail of MD5. Why not simply convert to a better hash function? Maybe it’s not so simple.

TCP ISN

Long ago, people started to realize that tcp_iss += 65536 wasn’t as unpredictable as previously thought. (Around the same time, they also started to realize that rlogin wasn’t as secure as previously thought.) Pure random ISNs would be awesome, but they have a tendency to repeat, causing spurious connection failures when new ISNs land in the window of old connections. What’s needed is a per {srchost:port:dsthost:port} tuple counter that increments at 64k. That would require a lot of counters, however; enter RFC 1948 Defending Against Sequence Number Attacks. There’s a single global counter that increments, but it’s randomly offset by hashing the tuple.
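The SipHash note in the libc 78 post above and the RFC 1948 scheme here come down to the same primitive, a keyed hash under a secret the attacker does not know, so one added example serves both; it is not OpenBSD's code nor RFC 1948's. The block implements SipHash-2-4 from the paper's description and checks it against the paper's published test vectors, uses it to pick a hash table bucket, and then builds an RFC 1948 shaped ISN: a 4 µs counter plus a per 4-tuple offset. RFC 1948 specified MD5 for that offset, which is exactly the long tail the post is about; SipHash is substituted here, and the key is the paper's constructed 00..0f test key rather than a random one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))

#define SIPROUND do {							\
	v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);	\
	v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;			\
	v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;			\
	v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);	\
} while (0)

static uint64_t
le64(const uint8_t *p)
{
	uint64_t r = 0;

	for (int i = 7; i >= 0; i--)
		r = (r << 8) | p[i];
	return r;
}

/* SipHash-2-4: 2 compression rounds per 8-byte block, 4 finalization rounds. */
uint64_t
siphash24(const uint8_t key[16], const void *data, size_t len)
{
	const uint8_t *in = data;
	uint64_t k0 = le64(key), k1 = le64(key + 8);
	uint64_t v0 = 0x736f6d6570736575ULL ^ k0;	/* "somepseu" */
	uint64_t v1 = 0x646f72616e646f6dULL ^ k1;	/* "dorandom" */
	uint64_t v2 = 0x6c7967656e657261ULL ^ k0;	/* "lygenera" */
	uint64_t v3 = 0x7465646279746573ULL ^ k1;	/* "tedbytes" */
	uint64_t b = (uint64_t)len << 56;		/* final block carries len mod 256 */
	size_t i;

	for (i = 0; i + 8 <= len; i += 8) {
		uint64_t m = le64(in + i);

		v3 ^= m;
		SIPROUND; SIPROUND;
		v0 ^= m;
	}
	for (size_t j = 0; i + j < len; j++)		/* 0..7 tail bytes */
		b |= (uint64_t)in[i + j] << (8 * j);
	v3 ^= b;
	SIPROUND; SIPROUND;
	v0 ^= b;
	v2 ^= 0xff;
	SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

/* Constructed key 00..0f from the paper's test vectors. A real key comes
 * from arc4random_buf(3) at boot or process start and is never shared. */
static const uint8_t TEST_KEY[16] = {
	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* The paper's worked example: the 15-byte message 00..0e under TEST_KEY. */
uint64_t
siphash24_paper_vector(void)
{
	uint8_t msg[15];

	for (int i = 0; i < 15; i++)
		msg[i] = (uint8_t)i;
	return siphash24(TEST_KEY, msg, sizeof msg);
}

/* Keyed bucket choice: without the key an attacker cannot precompute
 * inputs that all land in one chain. */
size_t
siphash_bucket(const uint8_t key[16], const char *s, size_t nbuckets)
{
	return (size_t)(siphash24(key, s, strlen(s)) % nbuckets);
}

/* RFC 1948 shape: ISN = M + F(laddr, lport, faddr, fport, secret). M is the
 * RFC 793 clock ticking every 4 microseconds, so one connection's ISNs still
 * advance the way the TCP state machine expects, while the keyed offset puts
 * each 4-tuple on its own unpredictable track. RFC 1948 used MD5 for F;
 * SipHash-2-4 stands in for it here. */
uint32_t
isn_rfc1948(const uint8_t secret[16], uint32_t laddr, uint16_t lport,
    uint32_t faddr, uint16_t fport, uint64_t now_usec)
{
	uint8_t t[12] = {
		laddr >> 24, laddr >> 16, laddr >> 8, laddr, lport >> 8, lport,
		faddr >> 24, faddr >> 16, faddr >> 8, faddr, fport >> 8, fport
	};
	uint32_t m = (uint32_t)(now_usec / 4);

	return m + (uint32_t)siphash24(secret, t, sizeof t);
}

int
main(void)
{
	printf("siphash24(key, \"\") = %016llx\n",
	    (unsigned long long)siphash24(TEST_KEY, "", 0));
	printf("bucket(\"example.com\") = %zu of 1024\n",
	    siphash_bucket(TEST_KEY, "example.com", 1024));
	printf("isn = %08x\n",
	    isn_rfc1948(TEST_KEY, 0x0a000001u, 40000, 0x0a000002u, 80, 0));
	return 0;
}
```

Two properties are worth checking by hand: for a fixed 4-tuple, ISNs taken 4000 µs apart differ by exactly 1000, so sequence numbers within one flow behave like the old global counter did; and changing any element of the tuple changes the offset, so an observer of one flow learns nothing about the next.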

Continue reading the long tail of MD5...

Posted 2014-12-03 22:22:41 by tedu Updated: 2014-12-07 05:15:55
Tagged: security software

timing attacks vs hash tables

First, start with the premise that there are no good constant-time data structures. After reading the HN thread, I wanted to see if the attack was truly viable. Can we recover a JSESSIONID? My previous efforts attacking Lua took a slightly different tack.

To start, we need a vulnerable server. Worst case would be a simple hash table with chaining, such as one might build with the BSD queue macros. We’ll use a very simple hash function to make controlling the bucket simpler. And, of course, strcmp.

I’m exploiting some of my own knowledge attacking this server. For instance, I know there are only four buckets, and I know the hash function, and I know the correct token values. The purpose wasn’t to build a fully weaponized attack, just to identify what timing irregularities may exist.
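A reduced version of that setup, as an added example and not the post's server code: four buckets, a hash that is just the first byte, a chain per bucket, and two comparison strategies. Instead of timing, each compare counts the bytes it examined, which is what the clock would be measuring. The token values and all names are constructed. The hardened lookup compares a fixed length without early exit and keeps walking the chain, which removes the prefix leak but not the chain-length leak, which is the point the post opens with.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 4
#define TOKLEN 32	/* JSESSIONID-sized: 32 characters */

struct entry {
	const char *token;
	struct entry *next;
};

struct table {
	struct entry *bucket[NBUCKETS];
};

/* Toy hash: first byte. The attacker is assumed to know it. */
static unsigned
bucket_of(const char *tok)
{
	return (unsigned char)tok[0] % NBUCKETS;
}

static void
table_insert(struct table *t, struct entry *e)
{
	unsigned b = bucket_of(e->token);

	e->next = t->bucket[b];
	t->bucket[b] = e;
}

/* strcmp as a server would call it, instrumented: stops at the first
 * mismatch, so *steps grows with the length of the matching prefix. */
static int
leaky_eq(const char *a, const char *b, size_t *steps)
{
	for (size_t i = 0;; i++) {
		(*steps)++;
		if (a[i] != b[i])
			return 0;
		if (a[i] == '\0')
			return 1;
	}
}

/* Fixed-length compare: same work wherever the first mismatch is. */
static int
ct_eq(const char *a, const char *b, size_t len, size_t *steps)
{
	unsigned char d = 0;

	for (size_t i = 0; i < len; i++)
		d |= (unsigned char)(a[i] ^ b[i]);
	*steps += len;
	return d == 0;
}

/* Returns 1 if guess is a stored token. *work is the byte-compare count,
 * standing in for elapsed time. */
int
table_lookup(const struct table *t, const char *guess, int hardened, size_t *work)
{
	int found = 0;

	*work = 0;
	/* token length is public; rejecting wrong lengths up front leaks nothing new */
	if (hardened && strlen(guess) != TOKLEN)
		return 0;
	for (const struct entry *e = t->bucket[bucket_of(guess)]; e != NULL; e = e->next) {
		if (hardened)
			found |= ct_eq(e->token, guess, TOKLEN, work);	/* no early exit */
		else if (leaky_eq(e->token, guess, work))
			return 1;
	}
	return found;
}

/* Two constructed tokens that share a bucket ('A' % 4), so they chain. */
static const char T1[] = "A0" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa";
static const char T2[] = "A1" "bbbbbbbbbb" "bbbbbbbbbb" "bbbbbbbbbb";

static int
demo_lookup(const char *guess, int hardened, size_t *work)
{
	struct entry e1 = { T1, NULL }, e2 = { T2, NULL };
	struct table t = { { NULL } };

	table_insert(&t, &e1);
	table_insert(&t, &e2);		/* chain order is now T2, T1 */
	return table_lookup(&t, guess, hardened, work);
}

size_t
demo_work(const char *guess, int hardened)
{
	size_t work;

	demo_lookup(guess, hardened, &work);
	return work;
}

int
demo_found(const char *guess, int hardened)
{
	size_t work;

	return demo_lookup(guess, hardened, &work);
}

int
main(void)
{
	const char *two_right = "A0" "zzzzzzzzzz" "zzzzzzzzzz" "zzzzzzzzzz";
	const char *one_right = "AZ" "zzzzzzzzzz" "zzzzzzzzzz" "zzzzzzzzzz";

	printf("strcmp:   2-byte prefix match costs %zu, 1-byte costs %zu\n",
	    demo_work(two_right, 0), demo_work(one_right, 0));
	printf("hardened: 2-byte prefix match costs %zu, 1-byte costs %zu\n",
	    demo_work(two_right, 1), demo_work(one_right, 1));
	return 0;
}
```

With strcmp the attacker extends a guess one byte at a time and watches the cost tick up; with the fixed-length compare every wrong guess costs the same. What the hardened path still reveals is how many entries sit in the guessed bucket, which is why the honest fix is a keyed hash for bucket selection rather than a cleverer compare.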

Continue reading timing attacks vs hash tables...

Posted 2014-12-03 08:51:49 by tedu Updated: 2014-12-03 09:21:13
Tagged: c programming security web

memcpy vs memmove

A few notes about memcpy vs memmove and some related items as well.

memcpy

The C standard specifies two functions for copying memory regions, memcpy and memmove. The important difference is that it is undefined behavior to call memcpy with overlapping regions. One must use memmove for that. As the names imply, memcpy copies data from one region to another, while memmove moves data within a region. (It’s also perfectly acceptable to memmove between different regions.)

This subtle but important distinction allows memcpy to be optimized more aggressively. In the case of memmove between overlapping regions, care must be taken not to destroy the contents of the source before they are done copying. This is easiest to see with a naive implementation of a copy loop.
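The two loops side by side, as an added example and not the post's own code: a naive forward copy, which is correct under memcpy's no-overlap contract, and a direction-choosing move, both exercised on a constructed 8-byte buffer where the destination overlaps the tail of the source. The function names are this example's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The naive loop. Fine under memcpy's contract (regions do not overlap);
 * wrong when dst starts inside src, because it overwrites source bytes
 * before it has read them. */
void
naive_copy(void *dst, const void *src, size_t n)
{
	unsigned char *d = dst;
	const unsigned char *s = src;

	for (size_t i = 0; i < n; i++)
		d[i] = s[i];
}

/* memmove: pick the direction in which no source byte is clobbered before
 * it is read. Forward is safe when dst is at or below src, or disjoint;
 * backward is needed when dst lies above src inside the source range.
 * The pointers are compared as integers, as libc implementations do. */
void
my_memmove(void *dst, const void *src, size_t n)
{
	unsigned char *d = dst;
	const unsigned char *s = src;
	uintptr_t di = (uintptr_t)d, si = (uintptr_t)s;

	if (di <= si || di >= si + n) {
		for (size_t i = 0; i < n; i++)
			d[i] = s[i];
	} else {
		for (size_t i = n; i-- > 0;)
			d[i] = s[i];
	}
}

/* Copy n bytes within "abcdefgh" from src_off to dst_off using
 * how = 0 (naive), 1 (my_memmove) or 2 (libc memmove); returns the result. */
const char *
overlap_demo(int how, size_t dst_off, size_t src_off, size_t n)
{
	static char buf[9];

	if (dst_off + n > 8 || src_off + n > 8)
		return NULL;
	memcpy(buf, "abcdefgh", sizeof buf);	/* disjoint: memcpy is right here */
	switch (how) {
	case 0: naive_copy(buf + dst_off, buf + src_off, n); break;
	case 1: my_memmove(buf + dst_off, buf + src_off, n); break;
	default: memmove(buf + dst_off, buf + src_off, n); break;
	}
	return buf;
}

int
main(void)
{
	printf("copy \"abcd\" up by two: naive %s, move %s, libc %s\n",
	    overlap_demo(0, 2, 0, 4), overlap_demo(1, 2, 0, 4), overlap_demo(2, 2, 0, 4));
	printf("copy \"cdef\" down by two: naive %s, move %s\n",
	    overlap_demo(0, 0, 2, 4), overlap_demo(1, 0, 2, 4));
	return 0;
}
```

Moving "abcd" up by two should give "ababcdgh"; the naive loop produces "abababgh" because byte 2 was overwritten with 'a' before the loop got around to reading it. Moving down by two works with either loop, which is exactly why overlap bugs survive testing: only one direction bites.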

Continue reading memcpy vs memmove...

Posted 2014-12-01 17:16:56 by tedu Updated: 2014-12-01 17:41:11
Tagged: c openbsd programming

Alpha House

As more or less direct competition for Netflix’s House of Cards, Amazon has Alpha House. It’s a comedy, but still manages to capture a lot of what’s wrong with modern politicking. Garry Trudeau’s involvement helps. It may even be a more accurate portrayal in some ways, because it’s not laser focused on power and corruption. The lighthearted approach leaves room for some less diabolical absurdity.

There are some long running plot lines, but for the most part it’s much more episodic. Curiously it retains much of the TV format, including a title sequence introducing each character. It’s hard to imagine a viewer “tuning in” to the middle of the series and needing such an intro. All the episodes are available online; why would anyone not start with the first?

Amazon also had a one season run of a show called Betas which I thought was nearly as biting in its parody as Silicon Valley. Amazon may not yet be a first rate producer, but I’ve been impressed with the quality of what they’re turning out in tier two.

Posted 2014-11-26 03:23:12 by tedu Updated: 2014-11-26 03:23:12
Tagged: moviereview politics

retiring crypt

The crypt function is a unix classic. Unfortunately, its age is showing. It’s an interface from another time, out of place on modern systems, and it’s time for OpenBSD to move on.

crypt

Continue reading retiring crypt...

Posted 2014-11-20 15:15:22 by tedu Updated: 2014-12-12 07:32:38
Tagged: openbsd software

the trouble with python and SNI

Server Name Indication is a TLS extension that allows the client to tell the server what hostname it would like to talk to. It solves, in theory, one of the issues with moving a web server with many virtual hosts to https: different hostnames need different certs.
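What that extension looks like on the wire, as an added example in C and not code from the post or from Python's ssl module: build a minimal ClientHello with a server_name extension, or without one (which is what a client lacking SNI support sends, leaving the server to guess), and parse the name back out with every length checked, since the server reads these bytes from a peer it has not yet authenticated. The cipher suite values, the zero client_random and the hostname are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build a minimal TLS 1.2 ClientHello record into out; returns its length,
 * or 0 if it does not fit. hostname == NULL omits extensions entirely. */
size_t
build_client_hello(uint8_t *out, size_t outsz, const char *hostname)
{
	static const uint8_t suites[] = { 0xc0, 0x2f, 0xc0, 0x30 };	/* arbitrary pair */
	uint8_t body[512];
	size_t n = 0, hlen = hostname ? strlen(hostname) : 0;

	if (hlen > 255)
		return 0;
	body[n++] = 0x03; body[n++] = 0x03;		/* client_version: TLS 1.2 */
	memset(body + n, 0, 32); n += 32;		/* client_random: zero, constructed */
	body[n++] = 0;					/* session_id length */
	body[n++] = 0; body[n++] = sizeof suites;	/* cipher_suites */
	memcpy(body + n, suites, sizeof suites); n += sizeof suites;
	body[n++] = 1; body[n++] = 0;			/* compression: null only */
	if (hostname != NULL) {
		size_t e = 9 + hlen;			/* one extension, 4 header + 5 + name */

		body[n++] = e >> 8; body[n++] = e;			/* extensions length */
		body[n++] = 0; body[n++] = 0;				/* type: server_name */
		body[n++] = (5 + hlen) >> 8; body[n++] = 5 + hlen;	/* extension data length */
		body[n++] = (3 + hlen) >> 8; body[n++] = 3 + hlen;	/* server_name_list length */
		body[n++] = 0;						/* name_type: host_name */
		body[n++] = hlen >> 8; body[n++] = hlen;
		memcpy(body + n, hostname, hlen); n += hlen;
	}
	if (outsz < 9 + n)
		return 0;
	out[0] = 0x16; out[1] = 0x03; out[2] = 0x01;	/* handshake record, version 3.1 */
	out[3] = (4 + n) >> 8; out[4] = 4 + n;
	out[5] = 0x01;					/* ClientHello */
	out[6] = 0; out[7] = n >> 8; out[8] = n;	/* 24-bit handshake length */
	memcpy(out + 9, body, n);
	return 9 + n;
}

/* Returns 1 and copies the host_name into host if the hello carries SNI,
 * 0 if it carries none, -1 if the record is malformed. */
int
parse_sni(const uint8_t *rec, size_t len, char *host, size_t hostsz)
{
	const uint8_t *b;
	size_t blen, pos, ext_end;

	if (len < 9 || rec[0] != 0x16 || rec[5] != 0x01)
		return -1;
	if ((size_t)((rec[3] << 8) | rec[4]) + 5 != len)
		return -1;
	blen = ((size_t)rec[6] << 16) | ((size_t)rec[7] << 8) | rec[8];
	if (blen + 9 != len)
		return -1;
	b = rec + 9;
	pos = 2 + 32;					/* client_version + random */
	if (pos + 1 > blen) return -1;
	pos += 1 + b[pos];				/* session_id */
	if (pos + 2 > blen) return -1;
	pos += 2 + (((size_t)b[pos] << 8) | b[pos + 1]);	/* cipher_suites */
	if (pos + 1 > blen) return -1;
	pos += 1 + b[pos];				/* compression_methods */
	if (pos == blen)
		return 0;				/* no extensions block at all */
	if (pos + 2 > blen) return -1;
	ext_end = pos + 2 + (((size_t)b[pos] << 8) | b[pos + 1]);
	pos += 2;
	if (ext_end != blen)
		return -1;
	while (pos + 4 <= ext_end) {
		size_t type = ((size_t)b[pos] << 8) | b[pos + 1];
		size_t elen = ((size_t)b[pos + 2] << 8) | b[pos + 3];

		pos += 4;
		if (pos + elen > ext_end)
			return -1;
		if (type == 0) {			/* server_name */
			size_t q = pos + 2, lend;

			if (elen < 2) return -1;
			lend = q + (((size_t)b[pos] << 8) | b[pos + 1]);
			if (lend != pos + elen) return -1;
			while (q + 3 <= lend) {
				uint8_t ntype = b[q];
				size_t nlen = ((size_t)b[q + 1] << 8) | b[q + 2];

				q += 3;
				if (q + nlen > lend) return -1;
				if (ntype == 0) {	/* host_name */
					if (nlen + 1 > hostsz) return -1;
					memcpy(host, b + q, nlen);
					host[nlen] = '\0';
					return 1;
				}
				q += nlen;
			}
		}
		pos += elen;
	}
	return 0;
}

/* Round trip: the parsed name, "" if the hello had no SNI, NULL if rejected. */
const char *
sni_roundtrip_name(const char *name)
{
	static char host[256];
	uint8_t rec[400];
	size_t n = build_client_hello(rec, sizeof rec, name);
	int r = n ? parse_sni(rec, n, host, sizeof host) : -1;

	if (r < 0)
		return NULL;
	if (r == 0)
		host[0] = '\0';
	return host;
}

/* A record whose declared lengths exceed what arrived must be refused. */
int
sni_truncated_is_rejected(void)
{
	uint8_t rec[400];
	char host[256];
	size_t n = build_client_hello(rec, sizeof rec, "www.example.com");

	return n > 5 && parse_sni(rec, n - 5, host, sizeof host) == -1;
}

int
main(void)
{
	printf("with SNI: \"%s\"; without: \"%s\"\n",
	    sni_roundtrip_name("www.example.com"), sni_roundtrip_name(NULL));
	return 0;
}
```

The second case is the one the post runs into from the client side: a hello with no extensions block parses cleanly and is perfectly valid TLS, it just leaves the server with no hostname and only its default certificate to offer.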

Unfortunately, python 2.7 doesn’t support SNI, much to my regret. Thanks to an HN comment I was pointed to a python issue. The problem has been known about for five years, but fixing things isn’t the python way. Finally, somebody saw the light which led to PEP 466. Current status: partially implemented.

Where does this leave me? I could upgrade to python 3.4, but none of the auxiliary libraries I need (notably py-feedparser) are available as OpenBSD packages except for versions built against 2.7. Or I can wait for python 2.7.9, although as a practical matter that would also mean upgrading OpenBSD and everything else (and likely not until May) so maybe I’d rather not. And that’s if 2.7.9 actually includes working SNI support. Digging through the issue tracker, it sounds like only optional support will be included, and programs will need to be changed and updated as well. It’s very important that upgrades don’t make things work by accident.

There is also the inject_into_urllib3 approach which I’m honestly kind of scared of, but it could work.

Instead my solution was to change the Duo blog’s URL to a file on disk, fetched by ftp running out of cron.

Posted 2014-11-16 07:28:14 by tedu Updated: 2014-12-05 03:12:16
Tagged: python rants software