QML应用程序和安全性 - 有没有?
[英]QML applications and security - is there any?
问题描述
I just made a shocking discovery - when deploying QML applications, all the "stock" QML components used in the project are deployed as bare QML files, directly visible in the file system, they are not even tucked away in the application qrc binary as user QML files are. 
我刚刚发现了一个令人震惊的发现 - 在部署QML应用程序时,项目中使用的所有“库存”QML组件都部署为裸QML文件,在文件系统中直接可见,它们甚至不作为用户隐藏在应用程序qrc二进制文件中QML文件是。 Meaning that anyone can open those human readable files, and write whatever code he needs executed. 意味着任何人都可以打开那些人类可读的文件,并编写他需要执行的任何代码。 Also, it is possible to do a fair amount of introspection on QObject derived types, even from QML, you can crawl down the object tree, analyze the application structure, iterate through object's methods and properties. 此外,可以对QObject派生类型进行大量内省,甚至可以从QML中进行内省,您可以向下爬行对象树,分析应用程序结构,迭代对象的方法和属性。 Plenty of room for malicious hackery. 充满恶意hackery的空间。 You don't even have to dig for some low level overlooked exploit - it is all just there for the taking. 你甚至不需要挖掘一些低级别的被忽视的漏洞利用 - 它就在那里。
Are there any security features to prevent that from happening? 是否有任何安全功能可以防止这种情况发生? Something to check deployed QML sourced for modifications perhaps, even as basic as a checksum? 是否可以检查已部署的QML源代码进行修改,即使与校验和一样基本? If not, are there any strategies towards manually implementing security? 如果没有,是否有任何手动实施安全的策略? It seems the deployment process is pretty much set, that's the way it is and there isn't room for customization? 似乎部署过程几乎已经设置,就是这样,并且没有定制空间?
Also note that from my investigation in relation to this question , it does seem to be possible to override how QML files are resolved, but even if one goes this arduous way, how does that stack with the existing deployment scheme? 另请注意,根据我对此问题的调查 ,似乎有可能覆盖QML文件的解析方式,但即使采用这种方式,如何与现有的部署方案进行叠加? Is there a "pretty" way to customize the deployment procedure, especially considering it varies drastically between different target platforms. 是否有一种“漂亮”的方式来定制部署过程,特别是考虑到它在不同目标平台之间的差异很大。
The question is not about protecting my code from plagiarism , the question is about protecting Qt's code from tampering . 问题不在于保护我的代码免受抄袭 ,问题在于保护Qt代码免受篡改 。
Since many people seem to have a problem with understanding the issue at hand, let me put it in a form of a metaphor, which will hopefully be easier to understand. 由于许多人似乎对理解手头的问题有疑问,所以让我把它放在一个隐喻的形式,希望更容易理解。 All locks can be picked, but that doesn't mean it is not a problem if your door comes with no lock whatsoever. 可以挑选所有锁,但这并不意味着如果您的门没有任何锁,这不是问题。 Security concerns in the case of a door that cannot be locked are not unfounded just because locks aren't infallible. 在无法锁定的门的情况下的安全问题并不是没有根据的,因为锁不是绝对可靠的。
Yes, all applications can be hacked, but it makes all the difference in the world whether this requires reverse engineering of binaries, finding an overlooked low level vulnerability and a way to exploit it to your malicious intent, or it is as trivial as opening a text file and just writing what you want to happen. 是的,所有应用程序都可以被黑客攻击,但它是否会在世界上发挥重要作用,这是否需要对二进制文件进行逆向工程,找到一个被忽视的低级别漏洞以及将其用于恶意攻击的方法,或者这样做与打开文本文件,只写你想要发生的事情。
This is not the case of the typical, intrinsic and unavoidable vulnerability, which is up to the developer to try to minimize as much as possible, this is the case of a huge, gaping hole, existing by design in Qt's deployment strategy for QML applications. 这不是典型的,内在的和不可避免的漏洞的情况,这是由开发人员尽可能地尽量减少,这是Qt的QML应用程序部署策略中设计中存在的巨大的漏洞的情况。 。 Not only is addressing this not a responsibility of the developer, on top of that Qt's licensing schemes might very well impede the developer from doing it at all. 解决这个问题不仅仅是开发人员的责任,而且Qt的许可方案可能会阻碍开发人员完成任务。 It is a little hard to implement security when insecurity exists at the framework level and you are not allowed to work around it. 当框架级别存在不安全因素并且不允许您解决此问题时,实施安全性有点困难。
For some reason people seem to miss the reverse engineering aspect of this intrinsic lack of security. 出于某种原因,人们似乎错过了这种内在缺乏安全性的逆向工程方面。 Before a hacker begins targeting users, he has to develop the hack. 在黑客开始瞄准用户之前,他必须开发黑客。 This is where the insecurity is most pronounced. 这是不安全感最明显的地方。 The hacker will undoubtedly have admin/root access to his own machine, so no scheme to protect QML sources from writing will work. 毫无疑问,黑客将拥有对自己机器的管理员/ root权限,因此任何保护QML源免于编写的方案都不会起作用。 Having the QML engine willy–nilly interpret text files makes it all that much easier to hack the application, tremendously easier than exploiting the executable binary. 让QML引擎毫不犹豫地解释文本文件使得破解应用程序变得更加容易,比利用可执行二进制文件更容易。 From then on, there are other routes to compromise the user's system (and all widely used systems are vulnerable), but point is, at least from the perspective of the individual app developer, that a compromised system alone doesn't compromise the user's data in my application, as it is stored protected on the file system, but it is exposed in the application. 从那时起,还有其他路由来破坏用户的系统(并且所有广泛使用的系统都是易受攻击的),但至少从个人应用程序开发人员的角度来看,单独的受损系统不会损害用户的数据在我的应用程序中,因为它存储在文件系统上受保护,但它在应用程序中公开。 Having the QML engine so insecure and childishly easy to inject any code into the application - that's the big issue here. 让QML引擎如此不安全且幼稚地将任何代码注入到应用程序中 - 这是最重要的问题。 How easy it is to compromise the QML files on the user's system is secondary and a minor concern. 在用户系统上破坏QML文件的容易程度是次要的,也是次要问题。 The big problem is how easy QML makes the initial development of the hack. 最大的问题是QML如何轻松地进行黑客的初步开发。
Lastly, the bias of certain people, whose jobs revolve around Qt is understandable, as is their "professional duty" to downplay flaws, which might hamper its adoption and therefore their business, and even if professional, it is highly unethical when the security and privacy of users is at stake. 最后,某些人的偏见,其工作围绕Qt是可以理解的,他们的“职业责任”是淡化缺陷,这可能妨碍其采用,因此妨碍他们的业务,即使是专业人士,在安全性方面也是非常不道德的。用户的隐私受到威胁。 Investing efforts into undermining the risks is hardly the best way to improve on your product's reputation, those risks will not go away just because you are denying them, they will however go away if you improve on your product. 投入努力来破坏风险并不是提高产品声誉的最佳方式,这些风险不会因为你否认它们而消失,但如果你改进了产品,它们就会消失。 Admitting to the risks and committing to fixing them will surely be a while lot less embarrassing than a potential high profile data leak that makes the headlines. 承认风险并承诺修复它们肯定会比成为头条新闻的潜在高调数据泄漏更少尴尬。
2 个解决方案
解决方案1
3 2016-01-30 15:45:16
With Qt 5.7 , static builds of Qt (configuring Qt with -static ) will cause QML files belonging to Qt modules to be built into a plugin via the resource system. 使用Qt 5.7 , Qt的静态构建(使用-static配置Qt)将使属于Qt模块的QML文件通过资源系统构建到插件中。 For example, consider the relevant change in the Qt Graphical Effects module. 例如,考虑Qt Graphical Effects模块中的相关更改 。 Here is the directory listing of qtbase/qml/QtGraphicalEffects before the changes: 以下是更改前qtbase/qml/QtGraphicalEffects的目录列表:
Blend.qml
BrightnessContrast.qml
Colorize.qml
ColorOverlay.qml
ConicalGradient.qml
Desaturate.qml
DirectionalBlur.qml
Displace.qml
DropShadow.qml
FastBlur.qml
GammaAdjust.qml
GaussianBlur.qml
Glow.qml
HueSaturation.qml
InnerShadow.qml
LevelAdjust.qml
LinearGradient.qml
MaskedBlur.qml
OpacityMask.qml
private
qmldir
RadialBlur.qml
RadialGradient.qml
RectangularGlow.qml
RecursiveBlur.qml
ThresholdMask.qml
ZoomBlur.qml
After: 后:
private
qmldir
qtgraphicaleffectsplugin.lib
qtgraphicaleffectsplugin.prl
qtgraphicaleffectsplugind.prl
This is one way of making it harder to access the QML files of Qt modules. 这是使访问Qt模块的QML文件更加困难的一种方法。
解决方案2
0 2016-01-30 08:08:50
Managing Resource Files with the Qt Resource System 使用Qt资源系统管理资源文件
The Qt resource system allows resource files to be stored as binary files in an application executable. Qt资源系统允许将资源文件作为二进制文件存储在应用程序可执行文件中。 This can be useful when building a mixed QML/C++ application as it enables QML files (as well as other resources such as images and sound files) to be referred to through the resource system URI scheme rather than relative or absolute paths to filesystem resources. 这在构建混合QML / C ++应用程序时非常有用,因为它可以通过资源系统URI方案而不是文件系统资源的相对或绝对路径来引用QML文件(以及其他资源,如图像和声音文件)。 Note, however, that if you use the resource system, the application executable must be re-compiled whenever a QML source file is changed in order to update the resources in the package. 但请注意,如果使用资源系统,则只要更改QML源文件,就必须重新编译应用程序可执行文件,以便更新程序包中的资源。
To use the resource system in a mixed QML/C++ application: 要在混合QML / C ++应用程序中使用资源系统:
Create a .qrc resource collection file that lists resource files in XML formatFrom C++, load the main QML file as a resource using the :/ prefix or as a URL with the qrc scheme 创建一个.qrc资源集合文件,列出XML格式的资源文件从C ++开始,使用:/前缀将主QML文件作为资源加载,或者使用qrc方案作为URL加载
Once this is done, all files specified by relative paths in QML will be loaded from the resource system instead. 完成此操作后,将从资源系统加载由QML中的相对路径指定的所有文件。 Use of the resource system is completely transparent to the QML layer; 使用资源系统对QML层完全透明; this means all QML code should refer to resource files using relative paths and should not use the qrc scheme. 这意味着所有QML代码都应该使用相对路径引用资源文件,不应该使用qrc方案。 This scheme should only be used from C++ code for referring to resource files. 此方案应仅用于从C ++代码中引用资源文件。
Source: http://doc.qt.io/qt-5/qtquick-deployment.html 资料来源: http : //doc.qt.io/qt-5/qtquick-deployment.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.