Obfuscating values of compile-time parameters in Haskell 在Haskell中混淆编译时参数的值

huangapple go评论60阅读模式
英文:

Obfuscating values of compile-time parameters in Haskell

问题

在我的Haskell应用程序中,我实现了以下机制,用于将敏感信息传递给二进制文件(而不使用CLI参数):

  • 我使用TemplateHaskell机制在编译时读取环境变量:
{-# LANGUAGE TemplateHaskell #-}
...
import Language.Haskell.TH.Env
...
myPrecious :: String
myPrecious = fromMaybe "" $$(envQ "MY_PRECIOUS")
...
  • 在编译时,我以以下方式传递相关环境变量:MY_PRECIOUS=<secret> stack build,然后它会绑定到Haskell端的myPrecious
  • 生成的二进制文件中包含了MY_PRECIOUS的值,因此不会在操作系统级别可见(例如通过ps aux

问题是,现在我可以在文本编辑器中打开该二进制文件或创建内存转储(例如使用GDB),并在了解它在使用时的上下文的情况下挖掘出秘密,特别是如果我知道某些恶意行为者可能已经获得了源代码的访问权限。因此,我一直在想,是否有办法强制GHC生成一个更加混淆/乱码的二进制文件,其中这些值不容易可见。我知道没有这样的保护方案可以百分之百安全,但我正在寻找一种使入侵者的任务更加困难的方法。

英文:

In my Haskell application I implemented the following mechanism for passing sensitive information to the binary (without resorting to CLI parameters):

  • I use a TemplateHaskell mechanism for reading environment variables at compile time:
{-# LANGUAGE TemplateHaskell #-}
...
import Language.Haskell.TH.Env
...
myPrecious :: String
myPrecious = fromMaybe &quot;&quot; $$(envQ &quot;MY_PRECIOUS&quot;)
...
  • When compiling, I pass the relevant environment variable like so: MY_PRECIOUS=&lt;secret&gt; stack build and it then gets bound to myPrecious on the Haskell side
  • The resulting binary has the value of MY_PRECIOUS compiled in, so it won't be visible from the operating system level (e.g. via ps aux)

Trouble is, I can now open that binary in a text editor or create a memory dump (e.g. with GDB) and with a little determination dig up the secret, especially if I know the context in which it is being used - I'm assuming that some malicious actor might have obtained access to the source code. So I've been wondering, is there any way to force GHC to produce a more obfuscated/garbled binary, in which such values would not be readily visible. I'm aware that no such protection scheme can be bulletproof, but I'm looking for a way to make the intruder's task harder.

答案1

得分: 5

混淆是浪费时间。您最终会花费数天时间尝试想出聪明的东西,但一个新手逆向工程师只需几分钟就可以击败它。相反,您应该建立实际的安全性,而不是通过混淆来实现安全性,可以使用以下方式:

  1. 创建一个新的UNIX组,其中没有用户
  2. 将您的机密信息放在只有root和该组可以读取的文件中
  3. 编写您的程序以在启动时从该文件中读取机密信息
  4. 使您的二进制文件设置为可由能够读取该文件的组运行

现在在文本编辑器中打开二进制文件将什么都不会显示,因为机密信息根本不在其中,而且由于内核不允许对setgid进程执行内存转储,因此无法进行内存转储。

英文:

Obfuscation is a total waste of time. You'll end up spending days trying to come up with something clever only for a rookie reverse engineer to defeat it in minutes. Instead, you should set up actual security rather than security through obscurity, with something like this:

  1. Create a new UNIX group with no users in it
  2. Put your secrets in a file only readable by root and that group
  3. Code your program to read secrets from that file at startup
  4. Make your binary setgid the group that can read the file

Now opening the binary in a text editor will yield nothing, since the secrets aren't in it at all, and taking a memory dump is impossible since the kernel doesn't let you do that to a setgid process.

huangapple
  • 本文由 发表于 2023年4月17日 22:11:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/76036087.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定