Chapter 6: Hostile Code Guide to Computer Network Security

Chapter 6: Hostile CodeChapter 6: Hostile Code

Guide to Computer Network Security

Kizza - Guide to Computer Network SecuriKizza - Guide to Computer Network Securityty

22

Scripting technology is making the Web Scripting technology is making the Web interactive and automated as Web servers interactive and automated as Web servers accept inputs from users and respond to accept inputs from users and respond to user inputs. user inputs.

It has also introduced a huge security It has also introduced a huge security problem to an already security burdened problem to an already security burdened cyberspace. cyberspace.

Hostile scripts, embedded in Web pages, Hostile scripts, embedded in Web pages, as well as HTML formatted e-mail, as well as HTML formatted e-mail, attachments, and applets introduce a new attachments, and applets introduce a new security paradigm in cyberspace security.security paradigm in cyberspace security.

Security problems are introduced in two Security problems are introduced in two areas: at the server and at the client.areas: at the server and at the client.


33

Introduction to the Common Introduction to the Common Gateway Interface (CGI)Gateway Interface (CGI)

The Common Gateway Interface, or CGI, is The Common Gateway Interface, or CGI, is a standard to specify a data format that a standard to specify a data format that servers, browsers, and programs must use servers, browsers, and programs must use in order to exchange information. in order to exchange information. A program written in any language that A program written in any language that uses this standard to exchange data uses this standard to exchange data between a Web server and a client’s between a Web server and a client’s browser is a browser is a CGI scriptCGI script. . A CGI script is an external gateway A CGI script is an external gateway program to interface with information program to interface with information servers such as HTTP or Web servers and servers such as HTTP or Web servers and client browsers. client browsers.


44

CGI scripts are great in that they allow the CGI scripts are great in that they allow the web servers to be dynamic and interactive web servers to be dynamic and interactive with the client browser as the server with the client browser as the server receives and accepts user inputs and receives and accepts user inputs and responds to them in a measured and responds to them in a measured and relevant way to satisfy the user relevant way to satisfy the user

CGI programs are of two types: those CGI programs are of two types: those written in programming languages such written in programming languages such as C/C++ and Fortran that can be as C/C++ and Fortran that can be compiled to produce an executable compiled to produce an executable module stored on the server, and scripts module stored on the server, and scripts written in scripting languages such as written in scripting languages such as PERL, Java, and Unix shell. PERL, Java, and Unix shell.


55

CGI scripts written in scripting languages CGI scripts written in scripting languages are not complied like those in non-are not complied like those in non-scripting languages. Instead, they are scripting languages. Instead, they are text code which is interpreted by the text code which is interpreted by the interpreter on the information server or in interpreter on the information server or in the browser and run right away the browser and run right away Both CGI programs or scripts, when Both CGI programs or scripts, when executed at the information server, help executed at the information server, help organize information for both the server organize information for both the server and the client. and the client. CGI scripts go beyond dynamic form filling CGI scripts go beyond dynamic form filling to automating a broad range of services to automating a broad range of services in search engines and directories like in search engines and directories like making download available, granting making download available, granting access rights to users, and order access rights to users, and order confirmation. confirmation.


66

CGI Scripts in a Three-Way HandshakeCGI Scripts in a Three-Way Handshake Server – CGI Interface Server – CGI Interface – The CGI scripts reside on the server side and The CGI scripts reside on the server side and

are executed by the server to respond to the are executed by the server to respond to the client demands. client demands.

– An interface in Figure 2, separates the server An interface in Figure 2, separates the server and the script, and consists of information and the script, and consists of information from the server supplied to the script that from the server supplied to the script that includes input variables extracted from an includes input variables extracted from an HTTP header from the client and HTTP header from the client and information from the script back to the server.information from the script back to the server.

– Output information from the server to the Output information from the server to the script and from the script to the server is script and from the script to the server is passed through environment variables and passed through environment variables and through script command lines which inputs through script command lines which inputs that instruct a script to do certain tasks such as that instruct a script to do certain tasks such as search and query. search and query.


77

CGI Script Security Issues CGI Script Security Issues A CGI script is an open gateway that A CGI script is an open gateway that allows anyone anywhere to run an allows anyone anywhere to run an executable program on a server and executable program on a server and even send their own programs to even send their own programs to run on the server. run on the server.

Yet CGI scripting is the fastest Yet CGI scripting is the fastest growing component of the Internetgrowing component of the Internet

It presents security problems to It presents security problems to cyberspace in several ways cyberspace in several ways including:including:


88

– Program developmentProgram development: During program development, CGI : During program development, CGI scripts are written in high level programming language and scripts are written in high level programming language and complied before being executed or they are written in a complied before being executed or they are written in a scripting language and they are interpreted before they are scripting language and they are interpreted before they are executed. In either way, because programming complexity and executed. In either way, because programming complexity and owing to lack of program development discipline, errors owing to lack of program development discipline, errors introduced into the program are difficult to find, especially in introduced into the program are difficult to find, especially in non-compiled scripts. non-compiled scripts.

– Transient nature of execution:Transient nature of execution: When CGI scripts come When CGI scripts come into the server, they run as separate processes from that of into the server, they run as separate processes from that of the host server. Although this is good because it isolates the the host server. Although this is good because it isolates the server from most script errors, the imported scripts may server from most script errors, the imported scripts may introduce hostile code into the server. introduce hostile code into the server.

– Cross-pollination:Cross-pollination: The hostile code introduced into the server The hostile code introduced into the server by a transient script can propagate into other server by a transient script can propagate into other server applications and can even be re-transmitted to other servers applications and can even be re-transmitted to other servers by a script bouncing off this server or originating from this by a script bouncing off this server or originating from this server. server.

– Resource-guzzling:Resource-guzzling: Scripts that are resource intensive could Scripts that are resource intensive could cause a security problem to a server with limited resources. cause a security problem to a server with limited resources.

– Remote execution:Remote execution: Since servers can send CGI scripts to Since servers can send CGI scripts to execute on surrogate servers, both the sending and execute on surrogate servers, both the sending and receiving servers are left open to hostile code usually receiving servers are left open to hostile code usually transmitted by the script. transmitted by the script.


99

All these situations present a possible All these situations present a possible security threat when one breaks into a security threat when one breaks into a script. Broken scripts are extremely script. Broken scripts are extremely dangerous as they:dangerous as they:– May allow an attacker access to the system’s May allow an attacker access to the system’s

password file for decryption.password file for decryption.– May allow mailing of a map of the system May allow mailing of a map of the system

which gives the attacker more time offline to which gives the attacker more time offline to analyze the system’s vulnerabilities analyze the system’s vulnerabilities

– May allow starting a login server on a high port May allow starting a login server on a high port and telneting in.and telneting in.

– May allow a distributed denial of service attack May allow a distributed denial of service attack against the server.against the server.

– May allow erasing or altering the server’s log May allow erasing or altering the server’s log files.files.


1010

Other security threats may include:Other security threats may include:– Malicious code provided by one client Malicious code provided by one client

for another client: This can happen, for for another client: This can happen, for example, in sitesexample, in sites that host discussion that host discussion groups where one client can embed groups where one client can embed malicious HTML tags in a message malicious HTML tags in a message intended for another client. intended for another client.

– Malicious code sent inadvertently by a Malicious code sent inadvertently by a client: Whenclient: When a client sends malicious a client sends malicious data intended to be used only by itself. data intended to be used only by itself. This occurs when the client relies on an This occurs when the client relies on an untrustworthy source of information untrustworthy source of information when submitting a request. when submitting a request.


1111

Web Script Security IssuesWeb Script Security Issues

There are now thousands of Web scripts There are now thousands of Web scripts doing a variety of web services from form doing a variety of web services from form filling to information gathering. Most of filling to information gathering. Most of these scripts either transient or reside on these scripts either transient or reside on Web servers. Web servers. Because of popularity and widespread use, Because of popularity and widespread use, most client and server Web browsers most client and server Web browsers today have the capability to interpret today have the capability to interpret scripts embedded in Web pages scripts embedded in Web pages downloaded from a Web server. downloaded from a Web server. Most browsers are installed with the Most browsers are installed with the capability to run scripts enabled by capability to run scripts enabled by default. default.


1212

Dealing with the Script Security ProblemsDealing with the Script Security Problems

The love of Web automation is not likely to change soon The love of Web automation is not likely to change soon and the future of a dynamic Web is here to stay. and the future of a dynamic Web is here to stay. More and more programs written for the Web are More and more programs written for the Web are interacting with networked clients and servers, raising the interacting with networked clients and servers, raising the fear of a possibility that clients and servers may be fear of a possibility that clients and servers may be attacked by these programs using embedded scripts to attacked by these programs using embedded scripts to gain unauthorized access. gain unauthorized access. It is, therefore, necessary to be aware of the following:It is, therefore, necessary to be aware of the following:– Script command line statements: Scripting languages such as Script command line statements: Scripting languages such as

PERL, PHP, and the Bourne shell pass information needed to PERL, PHP, and the Bourne shell pass information needed to perform tasks through command line statements which are perform tasks through command line statements which are then executed by an interpreter. This can be very dangerous. then executed by an interpreter. This can be very dangerous.

– Clients may use special characters in input strings to confuse Clients may use special characters in input strings to confuse other clients, servers, or scripts. other clients, servers, or scripts.

– Problems with server-side include user-created documents in Problems with server-side include user-created documents in NCSA HTTPd that provide simple information, such as current NCSA HTTPd that provide simple information, such as current date, the file's last modification date, and the size or last date, the file's last modification date, and the size or last modification of other files, to clients on the fly. Sometimes this modification of other files, to clients on the fly. Sometimes this information can provide a powerful interface to CGI. In an information can provide a powerful interface to CGI. In an unfortunate situation, server-side scripts are a security risk unfortunate situation, server-side scripts are a security risk because they let clients execute dangerous commands on because they let clients execute dangerous commands on the server. the server.


1313

To avoid these problems:To avoid these problems:– use only the data from a CGI, only if it use only the data from a CGI, only if it

will not harm the systemwill not harm the system– check all data into or out of the script check all data into or out of the script

to make sure that it is safe.to make sure that it is safe.

Documents

Chapter 6: Hostile Code Guide to Computer Network Security