[1051] in linux-security and linux-alert archive
[linux-security] Saving Passwords in Binaries
daemon@ATHENA.MIT.EDU (Todd W Burgess)
Thu Aug 22 07:16:55 1996
Date: Wed, 21 Aug 1996 11:51:50 -0400 (EDT)
From: Todd W Burgess <tburgess@uoguelph.ca>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <01BB8E66.14FAA6C0@jabpc.jabsoft.com>
I have been working on a program which will check for new mail on an
IMAP server and have encountered an interesting problem. My program is
written in C and runs (currently) under Linux and HPUX. It initiates an
IMAP session by connecting to port 143 on the IMAP server.
The problem is this: In order to start an IMAP session the IMAP
server needs a username and a password (both must be in plain-text). A
typical IMAP login string would look like "? login username password\n".
In order to get the username and password I have come up with two
solutions:
Solution 1: Involves calling getuid(2) to get the user ID and then
calling getpwuid(3) to get the encrypted password. I then query the
user for the password, crypt(3) the user supplied password, compare
the encrypted user supplied password with the one from
getpwuid(3) and if they match then I know I have the right password.
The program then will login to the IMAP server.
Solution 2: Have the user edit a .h file. The user edits two defines
one define is the IMAP username and the other is the password.
The user then compiles the program, verifies that it works and
deletes the .h file they edited.
Problem with solution 2 is that if either the user has group or world
read permissions set on the binary then it is possible for an
unauthorized individual to find out the user's password simply by doing a
"strings <binaryname>" (because the user enters them into the .h file in
plaintext form they get saved in the binary in plaintext).
Solution 1 does not have the above security flaw. The only problem is
that every time you run it, you have to type in your password. The
advantage to Solution 1 is the user does not have to compile the program
to get it to work.
So what it comes down to is this: I would be interested in hearing
about ways I could store the password in the binary in an encrypted form.
The criteria for the encryption algorithm are these: it cannot violate any
international laws, whatever gets encrypted must also be decrypted (i.e. no
"one-way" encryption algorithms) and the algorithm makes it impractical
to easily crack the password.
I have very little experience in implementing encryption algorithms so
I would be interested in hearing from people who have. The biggest
encryption project I ever did was write a rot13 algorithm in 68000
assembly on a final exam.
If anybody is interested in what I have done so far, e-mail me and I
will send you the code.
[REW: Cryptographically: if your program can decode the password, so
can someone else. The easiest way would be to just run the program and
use strace to find the "write username,password to the server".
If you correctly emphasize that your encryption is "for authentication
purposes only" you won't have export problems.
I'd allow the user to put the IMAP loginname and password in a file.
Your program should test that the file is not world readable. If you
can't find that file, ask the user (i.e. fall back on your "solution
1"). The information in this file could be encrypted just as in your
"solution 2".]
University of Guelph, Computer Science Major E-mail: tburgess@uoguelph.ca
URL: http://eddie.cis.uoguelph.ca/~tburgess
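The moderator's suggestion above (a credentials file that the program refuses to use unless its permissions are tight, with a fall back to prompting) can be sketched as follows. This is an added example, not code from the original post or from the poster's program; the names load_imap_cred and struct imap_cred, the 64-byte field limit and the one-line "username password" file format are assumptions. It is stricter than "not world readable": it also rejects group access, matching the group/world concern raised for the binary.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define CRED_MAX 64   /* assumed per-field size limit for this example */

struct imap_cred {    /* hypothetical container, not from the post */
    char user[CRED_MAX];
    char pass[CRED_MAX];
};

/* Returns 0 and fills *c when path is a regular file owned by the calling
 * user, has no group/world permission bits, and holds "username password"
 * on one line (no embedded whitespace). Returns -1 otherwise, so the
 * caller can fall back to prompting the user ("solution 1"). */
int load_imap_cred(const char *path, struct imap_cred *c)
{
    char buf[2 * CRED_MAX + 2];
    struct stat st;
    ssize_t n;
    int fd;

    memset(c, 0, sizeof *c);          /* never hand back stale data */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;                    /* no file: prompt instead */

    /* fstat() the open descriptor rather than stat() the path, so the
     * permission check and the read refer to the same file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;                    /* readable by others: refuse */
    }

    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';

    /* Field widths are CRED_MAX - 1 so both buffers stay terminated. */
    return sscanf(buf, "%63s %63s", c->user, c->pass) == 2 ? 0 : -1;
}
```

As the moderator notes, anything the program can read or decode can also be recovered by whoever can run it as that user, so the permission check protects against other accounts only.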