Wednesday, May 22, 2013

How to Harden Your Own Program in GNU/Linux

Platform: OpenSUSE 12.3

AppArmor is an implementation of confinement technology. It can help you prevent unknown attacks such as 0-day vulnerabilities, because a confined program can only do what its profile allows. In openSUSE/Ubuntu it is very easy to install. In openSUSE 12.3, type "yast2" in a terminal or use the GUI software management to install AppArmor. Once AppArmor is installed, you need to make a profile for the program you want to harden.

Firstly, please download the example files here. Then compile the program:

shawn@linux-sk8j:~> gcc apparmor_test.c

Generate the profile for your program:
shawn@linux-sk8j:~> sudo /usr/sbin/genprof a.out

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

.........................................
.........................................
.........................................

Finished generating profile for /home/shawn/a.out.
 -----------------------------------------------------------

Then you can find the profile in /etc/apparmor.d/home.shawn.a.out. Add a few lines to it like this:

# include targets as generated by genprof
#include <tunables/global>

/home/shawn/a.out {
  #include <abstractions/base>

  /home/shawn/a.out mr,      # the program may map itself (m) and read itself (r)
  /home/shawn/hello r,       # read-only access to this one file
  /home/shawn/world w,       # write-only access to this one file
  network stream,            # stream sockets (TCP); everything else is denied
}

Because AppArmor uses a whitelist-like policy by default, the profile above means: this program (a.out) is only allowed read permission on /home/shawn/hello, write permission on /home/shawn/world, and stream (TCP-style) network sockets. If the program has a stack-based buffer overflow, an attacker might try to spawn a shell by exploiting it. Under this profile that is not going to happen: the profile grants no execute permission on /bin/sh or anything else, so the execve() is denied (and logged) by AppArmor. For further reading about AppArmor profiles, you might be interested in this article. Other similar implementations such as SELinux and Grsecurity/PaX can achieve the same goal. SELinux is the most powerful one, but also the most difficult to use.
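The profile above is written by hand after running genprof. As an added example that is not from the original post, the following shell functions generate a profile of the same shape for any program, install it under /etc/apparmor.d using the file-naming convention genprof uses, and show where denials are logged. It assumes the AppArmor userspace tools (apparmor_parser) are installed and that the install and log steps run as root; the two #include targets are the ones genprof emits by default, and the file paths in the usage line are the post's own sample values.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes apparmor_parser is
# installed and that install_profile / show_denials run as root.

# genprof derives the profile file name from the program path:
# /home/shawn/a.out -> home.shawn.a.out
profile_name() {
    printf '%s\n' "$1" | sed -e 's,^/,,' -e 's,/,.,g'
}

# Print a whitelist profile: PROG may map/read itself, read RFILE, write
# WFILE and use stream sockets. Nothing else (no exec of a shell, no other
# files) is permitted, because AppArmor denies whatever is not listed.
gen_profile() {
    prog=$1; rfile=$2; wfile=$3
    cat <<EOF
#include <tunables/global>

$prog {
  #include <abstractions/base>

  $prog mr,
  $rfile r,
  $wfile w,
  network stream,
}
EOF
}

# Write the profile under /etc/apparmor.d and (re)load it into the kernel.
# apparmor_parser -r replaces a profile that is already loaded.
install_profile() {
    dest="/etc/apparmor.d/$(profile_name "$1")"
    gen_profile "$1" "$2" "$3" > "$dest"
    apparmor_parser -r "$dest"
}

# Denied operations are recorded in the kernel log as apparmor="DENIED"
# audit records naming the operation and path. A denial on a path the
# program legitimately needs means the profile is missing a rule; a denial
# of exec on a shell is the confinement doing its job.
show_denials() {
    dmesg | grep 'apparmor="DENIED"'
}

# Usage (as root):
#   install_profile /home/shawn/a.out /home/shawn/hello /home/shawn/world
#   /home/shawn/a.out; show_denials
```

Run install_profile as root, exercise the program, then call show_denials: each apparmor="DENIED" record names the operation and the path, which is how you tell a legitimate rule that is still missing from the profile apart from an attempted shell spawn that was correctly blocked.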

When you are done with confinement hardening, there are a lot of mitigation technologies you should consider as well. They are much easier to use. Please keep this in mind: these defensive technologies are what we call "mitigations", which means that skilled hackers or attackers may still have the ability to bypass them and exploit the bug. It's only a matter of time.

GCC options:
------------------------------------------------
Stack canary:
-fstack-protector, only some functions are protected (by default those with local char buffers above a size threshold)
-fstack-protector-all, protects every function in your program

Bypass method, please check Scraps of notes on remote stack overflow exploitation in Phrack Issue 67.

Heap (malloc() corruption checks):
enabled by default since glibc 2.5. Please use the latest version of glibc.

Position-Independent Executable:
-fPIE -pie, takes advantage of the ASLR provided by the kernel (the executable's own load address is randomized, not only the libraries and the stack). Remember to turn on your ASLR:


Bypass method, please check Bypassing PaX ASLR protection in Phrack Issue 59. Yes, it's an old paper, but it's still worth reading.

GOT memory corruption attack hardening of ELF binaries (RELRO):
-Wl,-z,relro, Partial RELRO (the GOT stays writable for lazy binding)
-Wl,-z,relro -Wl,-z,now, Full RELRO (all symbols are resolved at load time and the whole GOT is made read-only)

Bypass method, please check The Art Of ELF: Analysis and Exploitations.

String vulnerability mitigation:
-D_FORTIFY_SOURCE=2 (needs -O1 or higher to take effect), replaces common string/memory functions with bounds-checked versions and mitigates format string vulnerabilities

Bypass method, please check A Eulogy for Format Strings in Phrack Issue 67.

Non-executable stack:
-Wl,-z,noexecstack (a linker option, passed through gcc with -Wl)

Well, there are a lot of ways to bypass it.

I also made a list a few months ago; you may want to check it too. Yes, there are a lot of mitigation techniques and a lot of bypass techniques. Offensive and defensive technologies are like brothers; the only difference is that they will fight each other to the end of the world ;-)

By the way: you don't need to worry about the performance hit when you turn on these mitigations, except for -fstack-protector-all. That's it!

May L0rd's hacking spirit guide us!!!
