Dave Dean wrote:
Hi all,
I'm just starting out in sockets/network programming, and I have a very
basic question...what are the 'security' implications of opening up a
socket? For example, suppose I've written a simple chat server and chat
client. The server opens a socket, listens on a port, and accepts incoming
connections. The clients open a socket and connect to the server. If the
server receives a message from a client, it sends that message out to every
client. When a client receives a message, it places it in a text widget.
So...are there inherent dangers in doing this? I have no real security
concern in the actual application, but can an open socket somehow allow
someone access to the rest of the computer? Is the 'security' of the socket
handled at the OS level (or within the socket module)?
I realize this isn't necessarily a Python question, but I wrote my
application in Python and I'm not sure where to start. I'll repost this
elsewhere if someone points me towards a more relevant group.
It's something that all Python network newbies would like to know about
(and OUGHT to know about), so it's a valid question.
Essentially all opening a server socket does is to allow anyone who can
connect to send data to your process. The difficulties usually begin
when your process doesn't handle it in a secure way.
Typically in a language like C this will involve failing to check its
length, thereby allowing a malicious user to send an over-length input
and (since local variables in CC are held on the stack) overwriting
crucial data like function return addresses.
Such exploits can be used to inject code into your process and have it
run. Since server processes often run at a high level of privilege, so
does the exploit code.
Another way you can introduce vulnerabilities into your code is to craft
inputs that, when incorporated into system calls, maliciously change the
intent of your code. So suppose you had a command to allow a user to
ping another computer, you might do (something like)
os.system("ping "+address)
where the address is what the user types in. However, if the user types
in something like
192.168.12.13 ; rm /etc/passwd
then your call becomes
os.system("ping 192.168.12.13; rm /etc/passwd")
and executes two shell statements, the second of which is rather
destructive.
So, as long as you aren't passing any user data to the operating system
in any way shape or form you are probably in reasonably good shape. But
this is easier to do than you might imagine, and you always need to ask
yourself what the downside potential of malicious inputs might be.
Python's libraries are well written by and large, and the language
itself checks the bounds of all data structure accesses, making buffer
overflow exploits of the type I described much less of a risk, but the
OS vulnerabilities still remain for you to avoid by careful coding.
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd
http://www.holdenweb.com
Skype: holdenweb
http://del.icio.us/steve.holden
------------------ Asciimercial ---------------------
Get on the web: Blog, lens and tag your way to fame!!
holdenweb.blogspot.com squidoo.com/pythonology
tagged items: del.icio.us/steve.holden/python
All these services currently offer free registration!
-------------- Thank You for Reading ----------------
