• Welcome to Valhalla Legends Archive.
 

RMI and security

Started by iago, January 26, 2004, 09:47 AM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

iago

January 26, 2004, 09:47 AM
There are some RMI functions that I have in this code that seem to have security problems.  How difficult is it, without knowledge of function names, or parameters, or anything like that, to be able to execute arbitrary RMI commands on a machine?

The set up right now is internet <--> Frodo <--> dev2, where frodo and dev2 communicate with rmi calls.  As it stands, they are on a test network (not the internet), but dev2 can also be seen from the rest of the network.

now, at least a couple of the functions have code like this to transfer a file to dev2 from frodo:
Code Select
       public void putFile(File fName, byte[] fBytes) throws RemoteException
       {
               verifyUser();
               fName = makeSpacesIntoUnderscore(fName);
               verifyFile(fName);

               try
               {
                       FileOutputStream fos = new FileOutputStream(fName);
                       fos.write(fBytes);
                       fos.close();
                       giveFile(fName);
               }

verifyFile just makes sure the filename is non-null.  giveFile() looks like this:
Code Select
      private void giveFile(File target) throws RemoteException, IOException
       {
               rt.exec("chown "+userName+" "+target.toString() );
       }

Although the filename is checked on the client, it is not checked on the server.  So bottom line is this:
If somebody can execute arbitrary RMI calls, they will be able to not only upload, but execute an arbitrary file with root permissions.  

Should I be worried? :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

iago

#1
January 27, 2004, 11:43 AM
This worries me more:

The ip for dev2 is passed to a Servlet in a form (don't ask why; it pretty much has to be done like this).

Is it a danger that somebody could change that ip to some third party computer and bounce the packets back, modifying their contents?  Should this be a concern?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Banana fanna fo fanna

#2
January 27, 2004, 05:26 PM Last Edit: January 27, 2004, 05:26 PM by St0rm.iD
You really should stop using RMI :) You're quickly discovering why no one uses it outside of a firewall. It's slow, a pain, and not secure.

May I suggest XML-RPC?

iago

#3
January 27, 2004, 08:24 PM
It would be a huge task to move away from RMI.  I'll just have to talk to the admins tomorrow about how it'll be firewalled to make sure this is safe.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Banana fanna fo fanna

#4
January 28, 2004, 05:32 PM
Deep in the docs for RMI, you'll find something about writing your own transport for RMI. Perhaps there lies the answer.
Print
|
Go Up Pages1
User actions