Memory locking behavior issues

March 21st, 2008 — Apple, Coding, Cryptography, Security

This is nothing new, and it’s strictly what the POSIX specification warns about mlock() & munlock(). As you may already know, mlock() locks memory to prevent it from being swapped to disk (for example, if you require cryptographic secrets such as encryption keys to be memory resident during system stress, preventing resilience on disk and other media). munlock() does exactly the opposite: it unlocks memory.

The problem is that both functions don’t necessarily work in the same manner across different implementations. The address parameter to both might be required to be page-aligned (rounded up to the size of a memory page, for example 4096 bytes in x86).

What happens if we supply a non-page aligned memory address? If the implementation rounds up by default, we will be either locking a whole page or unlocking it, if we use mlock() or munlock() respectively. That means all the memory contents within the same page will be affected. This might not be an issue during locking, but when you are unlocking, it’s a different situation… we might expose data that was supposed to remain locked and compromise other secrets.

Continue reading →

No Comments

NetBSD, architecture-dependent issues and forthcoming projects

January 22nd, 2008 — Coding, Security

We’ve been talking to a kernel developer of the NetBSD project (probably the most portable operating system out there), regarding its security status and some potential enhancements.

While reading through the secmodel securelevel source, we spotted this interesting snippet:

case KAUTH_REQ_SYSTEM_TIME_SYSTEM: {

 struct timespec *ts = arg1;
 struct timeval *delta = arg2;

/*
  * Don't allow the time to be set forward so far it will wrap
  * and become negative, thus allowing an attacker to bypass
  * the next check below.  The cutoff is 1 year before rollover
  * occurs, so even if the attacker uses adjtime(2) to move
  * the time past the cutoff, it will take a very long time
  * to get to the wrap point.
  *
  * XXX: we check against INT_MAX since on 64-bit
  *      platforms, sizeof(int) != sizeof(long) and
  *      time_t is 32 bits even when atv.tv_sec is 64 bits.
  */

 if (securelevel > 1 &&
     ((ts->tv_sec > INT_MAX - 365*24*60*60) ||
      (delta->tv_sec < 0 || delta->tv_usec < 0)))
 	result = KAUTH_RESULT_DENY;

break;
}

No Comments