Protecting databases against credentials theft

In the past years credential theft has become a common theme among web sites. They all stem from a compromise of the web or application server or unrelated other infrastructure. Once access to the file system of the database server is achieved or the database can be accessed using the application’s credentials, the stored secret credentials the user configured, and potentially shares with other sites, can be retrieved from the database. As soon as the intrusion is detected, responsible web site owners usually notify the users about the breach and ask them to change their credentials to the website and warn about credentials reuse. Having a breach is obviously bad publicity and evidently has negative consequences.

However, at least one of the attack avenues can be sealed off: Retrieving of the secret data from the database using the credentials of the web application

If all operations (checking, setting the password) on the secret data (credentials) is delegated to the database server, which has access to it regardless, because it stores them, and the application itself can not read them anymore, they can not be stolen through that vector anymore.

This blog post describes a native technology that allows web sites to delegate the password authentication to the SQL database.

Technologies involved:

  • mysql/mariadb SQL functions and sql security setting
  • mysql/mariadb UDFs
  • lib_mysqludf_crypt
  • Botan crypto lib

The two technologies that fundamentally enable this solution are the ability of mysql/mariadb to adopt a suid like calling mechanism for user defined functions (UDF) and the ability to load dynamic libraries and call code inside them from SQL.

Access to the functions and tables is restricted using normal SQL ACLs (grants). The necessary primitives for the hashing, salting and constant time compare is provided through a custom library that is loaded by mysql/mariadb. It links to the botan crypto library. The actual implementation of the password checking and setting, user adding and deletion, email address adding and so on is implemented in native SQL.

A critical limitation of the way UDF support is implemented in mysql/mariadb prevents the usage of any library that requires any nonreoccuring initialization and/or deinitialization, because there is no central per-lib initialization hook or similiar that could be used for the purpose of initialization. So the library must not need any initialization. Due to the nature of C and how shared objects work, it is not possible to handle several initializations of the same library. It would be possible if there was some way to persist the information that the lib was initialized and it could be distinguished from the uninitialized state the memory is in in the beginning of the execution of the code.

This problem effectively restricts the choice of crypto library to anything that does not support any hardware acceleration because those devices require central coordination by a lib and thus a shared, initialized structure.

I elected to use botan for the implementation of the cryptography. I used the latest version, which is 2.10, because it offers a central header through which its functions can be easily called. In order to support platforms without that version of the library, either botan has to be statically linked into the custom library or the relevant code has to be moved within the library.

I still want to implement support for doing the mschap(v2) handshake between a client and the SQL database, which requires DES in ECB mode and MD4. Those functions are sadly not provided by botan, so they require me to implement them by myself or copy code.

No, syslog is not reliable.

This is a common pitfall. Another of your assumptions crumbles.

Neither syslog over TCP nor syslog over UDP implement any application layer confirmation of the receipt of any log messages. If anything occurs between the writing to the buffer or the sending of the log over the socket and the logs having been written to the disk on the receiver, those logs are permanently lost.

Continue reading “No, syslog is not reliable.”

pulseaudio module-echo-cancel beamforming

Here’s an example line for default.pa or similiar, or for running using pacmd. I haven’t tested it, but pulseaudio accepts this line just fine:

load-module module-echo-cancel use_master_format=1 aec_method=webrtc use_volume_sharing=1 aec_args=”analog_gain_control=0 digital_gain_control=1 beamforming=1 mic_geometry=-0.04,0,0,0.04,0,0 target_direction=4.71238898,0,0″ source_master=alsa_input.usb-046d_0821_FDA941A0-00.analog-stereo sink_master=alsa_output.pci-0000_43_00.1.hdmi-stereo-extra3 source_name=echoCancel_source sink_name=echoCancel_sink

Needs LC_NUMERIC=C in environment to be able to correctly read the mic_geometry. Using commas instead of periods doesn’t work.
if you use systemd, just use a drop-in (e.g. create one using systemctl edit)

iptables best practices

  • Don’t use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
  • Set your INPUT and FORWARD policy to DROP.
  • Don’t set your OUTPUT policy to DROP unless you really know what you’re doing.
  • If you’re going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
  • Allow all traffic on lo.
  • You should ALLOW traffic in ctstates of RELATED and ESTABLISHED near the beginning of your rules
  • Don’t use iptables -L
  • DON’T USE IPTABLES -L
  • Use iptables-save instead of iptables -L.
  • Don’t use ifconfig or any of the net-tools.
  • Use iproute2 (ip address, ip link, ip route, ip rule, …)
  • Always read the man pages that are installed on the system you’re trying to use the corresponding software on.

Summary page of the Netfilter related resources

Summary page of the Netfilter related resources

No, nftables is not production ready.