
Using openssl via pipe is secure?

I use openssl on the shell for encrypting data and would like to decrypt the data later at runtime in an ObjC/C/C++ program. As I could not get it working using the openssl library, I call openssl from the program "on the console" and pipe the decrypted result back into a string, using popen() etc. This works perfectly, but I wonder if this approach is as secure as using it "internally".

Thanks for comments or hints, as I haven't found anything useful on the web yet...
Matthias

You're potentially exposing yourself to a couple more attack vectors; beyond that, it's not that much less secure than linking against and using the OpenSSL library.

The program and its arguments you're running from popen may expose additional info through argv. If you can specify the key material directly on the command line and do so, this would be exposed through /proc/<pid>/cmdline (and ps/top/etc.). This is what I'd worry about the most if I were to decrypt via another process and pass it to another application through a pipe. As root they would also be able to read /proc/<pid>/environ if you pass key material to the application through the environment, although if they're root there's all sorts of other shenanigans they can do as well to get a hold of your stuff regardless of which method you use openssl (library/binary+pipe).

There's a few other things like replacing the openssl binary with something malicious, or injecting it earlier in PATH if you let popen/shell determine which openssl binary to use, although if they can do this chances are they also can get a hold of key material and ciphertext through easier means (or they could replace or LD_PRELOAD a malicious openssl library, which neatly would defeat dynamically linking against openssl also). The same goes for snooping on the pipe: they'd have to run as root or your user.

In short, if you can popen without exposing anything sensitive through argv it's not that much less secure than using the OpenSSL library. Yes, there's a few more ways of getting a hold of your stuff, but it'd require them to run as a user which would be able to get a hold of your stuff anyway (although it'd possibly require a bit more effort).
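
One way to avoid the argv, environment and PATH exposure discussed in the answer above, as an added example that is not code from the question or the answer: the passphrase is written to the child's stdin (`-pass stdin`) and the binary is executed by absolute path with an empty environment. The binary path, cipher, file name and passphrase in `main` are assumptions.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example. Runs `path` (absolute, so PATH is never searched) with an
 * empty environment, writes `secret` to the child's stdin and captures its
 * stdout. The secret is in neither argv nor environ, so it does not appear
 * in /proc/<pid>/cmdline, ps or /proc/<pid>/environ.
 * Returns the number of bytes captured, or -1 on any failure. */
ssize_t run_with_secret(const char *path, char *const argv[],
                        const char *secret, char *out, size_t outlen)
{
    int in[2], res[2];
    if (outlen == 0 || pipe(in) < 0) return -1;
    if (pipe(res) < 0) { close(in[0]); close(in[1]); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(in[0]); close(in[1]); close(res[0]); close(res[1]); return -1; }
    if (pid == 0) {                       /* child */
        char *const envp[] = { NULL };    /* drops LD_PRELOAD, PATH, ... */
        close(in[1]); close(res[0]);
        if (in[0] != STDIN_FILENO) { dup2(in[0], STDIN_FILENO); close(in[0]); }
        if (res[1] != STDOUT_FILENO) { dup2(res[1], STDOUT_FILENO); close(res[1]); }
        execve(path, argv, envp);
        _exit(127);                       /* exec failed */
    }
    close(in[0]); close(res[1]);
    size_t len = strlen(secret);          /* `-pass stdin` reads one line */
    int ok = write(in[1], secret, len) == (ssize_t)len && write(in[1], "\n", 1) == 1;
    close(in[1]);
    size_t n = 0; ssize_t r;
    while (n < outlen - 1 && (r = read(res[0], out + n, outlen - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(res[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !ok) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? (ssize_t)n : -1;
}

int main(void)
{
    /* Assumed values: binary path, cipher, input file, passphrase. */
    char *const argv[] = { "openssl", "enc", "-d", "-aes-256-cbc",
                           "-in", "secret.enc", "-pass", "stdin", NULL };
    char plain[4096];
    ssize_t n = run_with_secret("/usr/bin/openssl", argv,
                                "constructed-passphrase", plain, sizeof plain);
    return n < 0;
}
```

A caller should also ignore or handle SIGPIPE, because a child that exits before reading the passphrase makes the write to its stdin fail.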
