Race Conditions and Security
News o’ the day: Java security flaws
- 3 bugs in Sun’s JRE
- Elevation of privilege, execution of arbitrary code, read/write local files from remote program
- Time to update your Java config...
Administrivia
- Happy December! tick, tock...
- Happy new moon!
- Reminder: Final exam Dec 13, 12:30 PM, usual room
Time rolls on...
- Last time: Design principle: early vs. late commitment; Timer threads (Race conditions)
- This time: Client-side communications; Race conditions & security (for sure!)
Client-side communications
- Issue: Data enters client through network listener thread
- GUI being processed on Swing/AWT event queue
- Need to transfer data between them
- Need to handle synchronization...
Classic MVC design (diagram)
- Network listener thread receives data (server update) and calls set(x,y,data) on the Model (GridWorld2d + stuff)
- Model calls notify(x,y) on the GUI data structures (JLabel, etc.), which call get(x,y) back on the Model
- The SWING/AWT event-processing thread also drives the GUI data structures from GUI events (click, etc.)
- Danger, Will Robinson! Multiple access! Data corruption! Here be Monsters!

What you want (diagram)
- Same structure, but “A miracle occurs” between the network listener thread and the Model: the set(x,y,data) is Deferred! WTF?
How to get there...
- Need some way for listener thread to:
  - Store the incoming data temporarily
  - Notify the event thread: “Hey! There’s some new data! Come deal with it!”
- Requires:
  - Synchronized access to temp data store
  - Rapid turnaround in listener thread
- Clever, clever SWING designers thought of this... javax.swing.SwingUtilities.invokeLater()
  - Takes a Runnable
  - Event thread executes Runnable.run() “when it’s convenient”, after rest of outstanding AWT events have cleared
  - Immediately returns control to calling thread (network listener)
  - Executes Runnable.run() once
  - Does not create a new thread
Network listener code

    public void listenToNetwork(Socket s) {
        while (!toStop) {
            Message data = readMessage(s);  // read from network (helper not shown on the slide)
            synchronizedBuffer.add(data);   // thread-safe buffer shared with _msgHandler
            SwingUtilities.invokeLater(new _msgHandler());  // returns immediately to this thread
        }
    }

    // Runs on the Swing/AWT event thread and drains the buffer, so the model is
    // only ever touched from that thread. Because the class is static, both
    // synchronizedBuffer and model must be static fields; remove() is assumed
    // to return null when the buffer is empty.
    private static class _msgHandler implements Runnable {
        public void run() {
            Message m = synchronizedBuffer.remove();
            while (m != null) {
                m.execute(model);
                m = synchronizedBuffer.remove();
            }
        }
    }
Alternately...

    public void listenToNetwork(Socket s) {
        while (!toStop) {
            Message data = readMessage(s);  // read from network (helper not shown on the slide)
            SwingUtilities.invokeLater(new _msgHandler(data));  // no shared buffer needed
        }
    }

    // Each Runnable carries its own message; the model is still only touched
    // from the event thread.
    private static class _msgHandler implements Runnable {
        public _msgHandler(Message m) { _data = m; }
        public void run() { _data.execute(model); }  // slide had m.execute(model), but m is out of scope here
        private final Message _data;
    }
A final note
- The example chat client you have does not do this
- May be a bug...... Or the author may know something I don’t
- This is my best understanding from SWING docs
- Caveat emptor!
Race Conditions & Security
Race Cond. & Security
- Atomicity failures can sometimes be exploited to break security on multiprocessing systems
- One of the top 10 classes of exploits since... mid-1980’s, at least; 100’s (or more) of reported vulnerabilities
- Independent of language: Java will not save you!
- Hostile program grabs a shared resource (e.g., file) before it is secured
- Beware when writing privileged code!
- N.b.: Sometimes your never-intended-to-be-secure code will be run in privileged context!
Basic Race Cond. Exploit (diagram sequence)
- Privileged proc: open(“/tmp/foo”, O_RDWR | O_CREAT); then write(), read(), close(), unlink() on file /tmp/foo
- Hostile proc, interleaved with the privileged proc, can:
  - open(...) and read() the file
  - chmod() it, then open(...)
  - umask(), then open(...) and read()
  - umask(), then symlink(“/tmp/foo”, “/etc/passwd”)
- Even if the privileged proc checks first: stat(“/tmp/foo”); if (!exists) { open(“/tmp/foo”, O_RDWR | O_CREAT); } else { error(); }
  - Hostile proc can still umask() and symlink(“/tmp/foo”, “/etc/passwd”) in the window before the open()
Preventing FS Race Conds
- Could create “foo” in dir owned/writable only by owner of proc
  - Can be hard to ensure this
  - Still have to watch out for filename collisions
- Could make file names hard to predict (e.g., picked randomly)
  - Exploit still possible; hard to make fnames really random
- Ultimate answer: use OS atomicity facilities: open(“/tmp/foo”, O_RDWR | O_CREAT | O_EXCL)
- Always be on guard!
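Worked example added here, not from the slides: the check-then-act stat()/open() from the exploit slides beside the O_CREAT | O_EXCL open the slide recommends, both run against a dangling symlink planted in a private directory under /tmp. The directory, the file names and run_demo() are constructed for this demo, and the pre-planted symlink stands in for a hostile process that has already won the race.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-act, as on the stat()/open() slide: the gap between the
 * stat() and the open() is the race window. Returns -1 with errno set
 * to EEXIST when stat() says the name is already taken. */
static int create_racy(const char *path) {
    struct stat st;
    if (stat(path, &st) == 0) { errno = EEXIST; return -1; }
    /* <- window: another process can plant `path` (e.g. a symlink) here */
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* The slide's atomic answer: O_CREAT|O_EXCL fails with EEXIST if the
 * name exists in any form, including a symlink, and never follows it. */
static int create_atomic(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Demo on constructed files in a private directory: plant `foo` as a
 * dangling symlink to `victim` (what a hostile process leaves behind when
 * it wins the race), then try both creators. Returns a bitmask: bit 0 =
 * racy open created `victim` through the link, bit 1 = atomic open
 * refused with EEXIST. Returns -1 on setup error. */
int run_demo(void) {
    char dir[64], foo[96], victim[96];
    int result = 0, fd;
    snprintf(dir, sizeof dir, "/tmp/race-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    snprintf(foo, sizeof foo, "%s/foo", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    unlink(foo); unlink(victim);
    if (symlink(victim, foo) != 0) return -1;      /* hostile proc wins */
    fd = create_racy(foo);         /* stat() sees ENOENT (dangling link) */
    if (fd >= 0) { close(fd); if (access(victim, F_OK) == 0) result |= 1; }
    unlink(victim);                /* back to the pre-attack state */
    if (create_atomic(foo) < 0 && errno == EEXIST) result |= 2;
    unlink(foo); unlink(victim); rmdir(dir);
    return result;                 /* 3: racy is fooled, atomic is not */
}

int main(void) {
    int r = run_demo();
    printf("racy: %s, atomic: %s\n", (r & 1) ? "fooled" : "ok", (r & 2) ? "refused" : "fooled");
    return r == 3 ? 0 : 1;
}
```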