-
Notifications
You must be signed in to change notification settings - Fork 230
/
ChangeLog
295 lines (284 loc) · 18.8 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
fwknop-2.5 (//2013):
- Major release of new functionality - HMAC authenticated encryption
support in the encrypt-then-authenticate model for SPA communications.
Supported HMAC digests include MD5, SHA1, SHA256, SHA384, and SHA512.
The default is HMAC-SHA256 when HMAC is used.
- [libfko] Significant bug fix to honor the full encryption key length for
user-supplied Rijndael keys > 16 bytes long. Previous to this fix,
only the first 16 bytes of a key were actually used in the encryption/
decryption process even if the supplied key was longer. The result was
a weakening of expected security for users that had keys > 16 bytes,
although this is probably not too common. Note that "passphrase" is
perhaps technically a better word for "user-supplied key" in this
context since Rijndael in CBC mode derives a real encryption/decryption
key from the passphrase through a series of applications of md5 against
the passphrase and a random salt. This issue was reported by Michael T.
Dean. Closes issue #18 on github.
- [libfko] Added the ability to maintain backwards compatibility with the
now deprecated "zero padding" key derivation strategy in AES mode that
was a hold over from the old perl fwknop implementation.
- [test suite] Added --enable-openssl-checks to send all SPA packets
encrypted via libfko through the OpenSSL library to ensure that the
libfko usage of AES is always compatible with OpenSSL. This ensures
that the fwknop usage of AES is properly implemented as verified by the
OpenSSL library, which is a frequently audited high profile crypto
engine. If a vulnerability is discovered in OpenSSL and a change is
made, then the --enable-openssl-checks mode will allow the test suite to
discover this in a automated fashion for fwknop.
- [test suite] Changed how the test suite interacts with the fwknop client
and server by looking for indications that SPA packets are actually
received. This is done by first waiting for 'main event loop' in fwknopd
log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for for 'SPA Packet from IP' in
fwknopd output. This is an improvement over the previous strategy that
was only based on timeout values since it works identically regardless of
whether fwknop is being run under valgrind or when the test suite is run
on an embedded system with very limited resources. Another check is run
for fwknopd receiving the SIGTERM signal to shutdown via 'fwknopd -K',
and that failing, the test suite manually kills the process (though this
should be rarely needed). This change was implemented based on
discussions with George Herlin.
- (Franck Joncourt) Added support for resolving hostnames in various NAT
modes (fixes issue #43 in github).
- (Franck Joncourt) Added support for saving fwknop client command line
arguments via a new options --save-rc-stanza.
- [client] Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connnections to this port instead of applying the NAT operation to the
port that is to be accessed via -A. This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since it not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).
- (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.4, and this has
been checked in under the extras/openbsd/fwknop-2.0.4 directory.
fwknop-2.0.4 (12/09/2012):
- [client] Misc fixes and the addition of save_args and last command
(.fwknop.last) support on the Windows platform.
- [client] Fixed bug in username determination code where a valid value
could be overrwritten in certain circumstances.
- [server] Added upstart config at extras/upstart/fwknop.conf. This
allows the fwknopd to easily be managed with upstart via commands like
"service fwknop start" and "service fwknop stop".
- [server] (Vlad Glagolev) Submitted a patch to fix ndbm/gdbm usage when
--disable-file-cache is used for the autoconf configure script. This
functionality was broken in be4193d734850fe60f14a26b547525ea0b9ce1e9
through improper handling of #define macros from --disable-file-cache.
- [server] (Vlad Glagolev) Submitted a patch to fix command exec mode
under SPA message type validity test. Support for command exec mode was
also added to the test suite.
- (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.3, and this has
been checked in under the extras/openbsd/ directory.
- [server] Bug fix to allow GPG_ALLOW_NO_PW to result in not also having
to specify a Rijndael key.
- [Android] Added new .properties files to allow the fwknop client to
build and function properly on the latest Android release (4.1.2).
- [client] Added '-P udpraw' to allow the client to send SPA packets over
UDP with a spoofed source IP address. This is in addition to the
original 'tcpraw' and 'icmp' protocols that also support a spoofed
source IP.
- [libfko] Bug fix to check b64_decode() return value to ensure that
non-base64 encoded data is never used. Even though other validation
routines checked decoded results, it is important to discard invalid
data as early as possible. Note too that such invalid data would only
be provided to b64_decode() after proper decryption, so the client must
provide authentic SPA data.
- [libfko] Added validation of NAT access strings in the various NAT
modes.
- [libfko] Restricted usernames embedded in SPA packets to be
alpha-numeric along with "-" chars.
- [client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.
- [client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().
- [server] Bug fix to accept SPA packets over ICMP if the fwknop client
is executed with '-P icmp' and the user has the required privileges.
- [test suite] Applied patch from Franck Joncourt to have the perl FKO
module link against libfko in the local directory (if it exists) so that
it doesn't have to have libfko completely installed in the /usr/lib/
directory. This allows the test suite to run FKO tests without
installing libfko.
- [test suite] Significant update to include a set of fuzzing SPA packets
that are built using a patched version of libfko. These packets are
located in the test/fuzzing/bogus_spa_packets file, and are designed to
ensure proper validation of SPA packet data. This validation is
performed in --enable-perl-module-checks mode via the perl FKO module.
- [client] Added --icmp-type and --icmp-code arguments so the user can
control the icmp type/code combination for spoofed SPA packets ('-P
icmp') mode.
- [client] Updated default TTL value to 64 for spoofed SPA packets. This
is closer to more OS default TTL values than the previous 255.
- Updated build CFLAGS and LDFLAGS to conform to the Debian
hardening-includes file for PIE support (e.g. '-fPIE' for CFLAGS and
'-fPIE -pie' for LDFLAGS).
- [test suite] For GnuPG tests that require a passphrase associated with
a gpg key, added a pinentry check to see if the local gpg engine
requires it. If so, the gpg test that require a key are excluded since.
- [server] Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface. This
feature is mostly intended for debugging purposes.
- [server] Added chain_exists() check to SPA rule creation so that if any
of the fwknop chains are deleted out from under fwknopd they will be
recreated on the fly. This mitigates scenarios where fwknopd might be
started before a system level firewall policy is applied due to init
script ordering, or if an iptables policy is re-applied without
restarting fwknopd.
fwknop-2.0.3 (09/03/2012):
- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key). These vulnerabilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [server] Fernando Arnaboldi from IOActive found a condition in which
the server did not properly validate allow IP addresses from malicious
authenticated clients. This has been fixed with stronger allow IP
validation.
- [client+server] Fernando Arnaboldi from IOActive found that strict
filesystem permissions for various fwknop files are not verified. Added
warnings whenever permissions are not strict enough, and ensured that
files created by the fwknop client and server are only set to user
read/write.
- [client] Fernando Arnaboldi from IOActive found a local buffer overflow
in --last processing with a maliciously constructed ~/.fwknop.run file.
This has been fixed with proper validation of .fwknop.run arguments.
- [server] Fernando Arnaboldi from IOActive found several conditions in
which the server did not properly throw out maliciously constructed
variables in the access.conf file. This has been fixed along with new
fuzzing tests in the test suite.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
- Fixed RPM builds by including the $(DESTDIR) prefix for uninstall-local
and install-exec-hook stages in Makefile.am.
fwknop-2.0.2 (08/18/2012):
- [server] For GPG mode, added a new access.conf variable
"GPG_ALLOW_NO_PW" to make it possible to leverage a server-side GPG key
pair that has no associated password. This comes in handy when a system
requires the user to leverage gpg-agent / pinentry which can present a
problem in automated environments as required by the fwknopd server.
Now, it might seem like a problem to remove the passphrase from a GPG
key pair, but it's important to note that simply doing this is little
worse than storing the passphrase in the clear on disk anyway in the
access.conf file. Further, this link helps provide additional detail:
http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment
- [client] In IP resolution mode (-R) changed HTTP connection type to
'close' since there is no need for connection persistence, and indeed the
client expects to just get the IP and the connection to be closed.
Jonathan Schulz submitted a patch for this.
- [client] Bug fix to ensure that all data is read via recv() from a
remote webserver IP resolution mode (-R). Previously IP resolution
could fail if HTTP headers were transferred separately from the data
(for whatever reason). Jonathan Schulz submitted a patch for this.
- [client] Added backup check against a cipherdyne.com 'myip' cgi instance
in -R mode if the normal check against cipherdyne.org fails.
- [server] Bug fix to implement FLUSH_IPT_AT_INIT and FLUSH_IPT_AT_EXIT
functionality. These are enabled by default, and now iptables rules
added by fwknopd can be made persistent by setting these variables to
"N" in the fwknopd.conf file (this is not a recommended setting
however).
[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT for ipfw
firewalls to emulate the corresponding functionality that is implemented
for iptables firewalls. This was suggested by Jonathan Schulz.
- [server] Replay attack bug fix to ensure that an attacker cannot force a
replay attack by intercepting an SPA packet and the replaying it with the
base64 version of "Salted__" (for Rijndael) or the "hQ" prefix (for
GnuPG). This is an important fix. The following comment was added into
the fwknopd code:
/* Ignore any SPA packets that contain the Rijndael or GnuPG prefixes
* since an attacker might have tacked them on to a previously seen
* SPA packet in an attempt to get past the replay check. And, we're
* no worse off since a legitimate SPA packet that happens to include
* a prefix after the outer one is stripped off won't decrypt properly
* anyway because libfko would not add a new one.
*/
- [server] Fixed a memory leak bug in the replay attack detection code.
The leak was found with the test suite in --enable-valgrind mode, and
here is the valgrind trace that exposed it:
44 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x482BE68: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x490EA50: strdup (strdup.c:43)
by 0x10CD69: incoming_spa (incoming_spa.c:162)
by 0x10E000: process_packet (process_packet.c:200)
by 0x4862E63: ??? (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
by 0x4865667: pcap_dispatch (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
by 0x10DABF: pcap_capture (pcap_capture.c:226)
by 0x10A798: main (fwknopd.c:299)
- [test suite] Added GPG tests for keyrings that have no associated
passphrases.
- [server] Implemented a new check to ensure that the iptables 'comment'
match exists to ensure the proper environment for fwknopd operations.
This check is controlled by the new ENABLE_IPT_COMMENT_CHECK variable,
and was suggested by Hank Leininger.
- [server] 'make install' fix to ensure restrictive permissions on the
/etc/fwknop/ directory and /etc/fwknop/* files. Also updated the 'make
install' step to not overwrite any existing config files in /etc/fwknop/
and instead install new copies from the source tree at
/etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst
fwknop-2.0.1 (07/23/2012):
- [server] Bug fix where the same encryption key used for two stanzas in
the access.conf file would result in access requests that matched the
second stanza to always be treated as a replay attack. This has been
fixed for the fwknop-2.0.1 release, and was reported by Andy Rowland. Now
the fwknopd server computes the SHA256 digest of raw incoming payload
data before decryption, and compares this against all previous hashes.
Previous to this commit, fwknopd would add a new hash to the replay
digest list right after the first access.conf stanza match, so when SPA
packet data matched the second access.conf stanza a matching replay
digest would already be there.
- [server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
microseconds). This was supposed to be the default anyway, but C
Anthony Risinger reported a bug where fwknopd was consuming more
resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
default to 1/100th of a second - this has been fixed.
- [libfko] Added SPA message validation calls to fko decoding routines to
help ensure that SPA messages conform to expected values.
- Bug fix for PF firewalls: updated the PF anchor check to not rely on
listing the PF policy - fwknopd now uses 'pfctl -s Anchor' instead.
- [test suite] Added parsing of valgrind output to produce a listing of
functions that have been flagged - this assists in the development
process to ensure that fwknop is not leaking memory.
- [test suite] Bug fix on Mac OS X systems to account for libfko.dylib path
instead of libfko.so. This fixes the existence check for libfko.
- [test suite] Added tests for --nat-local mode.
- [client] Fixed several minor memory leaks caught by valgrind.
- [libfko] Minor gcc warning fix: fko_decode.c:43:17: warning: variable
'edata_size' set but not used [-Wunused-but-set-variable].
- Updated fwknopd init script for Debian systems (contributed by Franck
Joncourt).
fwknop-2.0 (01/02/2012):
- This is the first production release that has been completely re-written
in C. This brings Single Packet Authorization functionality to all sorts
of machines from embedded devices to large systems. iptables, ipfw, and
pf firewalls are supported by the fwknopd daemon, and the fwknop client
is known to work on most major *NIX environments, the iPhone and Android
operating systems, and Cygwin under Windows.
- Added FORCE_NAT mode to the access.conf file so that for any valid SPA
packet, force the requested connection to be NAT'd through to the
specified (usually internal) IP and port value. This is useful if there
are multiple internal systems running a service such as SSHD, and you
want to give transparent access to only one internal system for each
stanza in the access.conf file. This way, multiple external users can
each directly access only one internal system per SPA key.
- Added two new access.conf variables are added "ACCESS_EXPIRE" and
"ACCESS_EXPIRE_EPOCH" to allow access stanzas to be expired without
having to modify the access.conf file and restart fwknopd.
- Added a new feature to allow an access stanza that matches the SPA source
address to not automatically short circuit other stanzas if there is an
error (such as when there are multiple encryption keys involved and an
incoming SPA packet is meant for, say, the second stanza and the first
therefore doesn't allow proper decryption).
- Bug fix to exclude SPA packets with timestamps in the future that are too
great (old packets were properly excluded already).
- Bug fix to honor the fwknop client --time-offset-plus and
--time-offset-minus options
- Added DNAT mode tests, minor memory leak fix in NAT mode, added fwknopd
check for ENABLE_IPT_FORWARDING variable before attempting NAT access.
- [test suite] Added --diff mode to compare results from one execution to
the next.