英文:
Obfuscating values of compile-time parameters in Haskell
问题
在我的Haskell应用程序中,我实现了以下机制,用于将敏感信息传递给二进制文件(而不使用CLI参数):
- 我使用
TemplateHaskell
机制在编译时读取环境变量:
{-# LANGUAGE TemplateHaskell #-}
...
import Language.Haskell.TH.Env
...
myPrecious :: String
myPrecious = fromMaybe "" $$(envQ "MY_PRECIOUS")
...
- 在编译时,我以以下方式传递相关环境变量:
MY_PRECIOUS=<secret> stack build
,然后它会绑定到Haskell端的myPrecious
- 生成的二进制文件中包含了
MY_PRECIOUS
的值,因此不会在操作系统级别可见(例如通过ps aux
)
问题是,现在我可以在文本编辑器中打开该二进制文件或创建内存转储(例如使用GDB),并在了解它在使用时的上下文的情况下挖掘出秘密,特别是如果我知道某些恶意行为者可能已经获得了源代码的访问权限。因此,我一直在想,是否有办法强制GHC生成一个更加混淆/乱码的二进制文件,其中这些值不容易可见。我知道没有这样的保护方案可以百分之百安全,但我正在寻找一种使入侵者的任务更加困难的方法。
英文:
In my Haskell application I implemented the following mechanism for passing sensitive information to the binary (without resorting to CLI parameters):
- I use a
TemplateHaskell
mechanism for reading environment variables at compile time:
{-# LANGUAGE TemplateHaskell #-}
...
import Language.Haskell.TH.Env
...
myPrecious :: String
myPrecious = fromMaybe "" $$(envQ "MY_PRECIOUS")
...
- When compiling, I pass the relevant environment variable like so:
MY_PRECIOUS=<secret> stack build
and it then gets bound tomyPrecious
on the Haskell side - The resulting binary has the value of
MY_PRECIOUS
compiled in, so it won't be visible from the operating system level (e.g. viaps aux
)
Trouble is, I can now open that binary in a text editor or create a memory dump (e.g. with GDB) and with a little determination dig up the secret, especially if I know the context in which it is being used - I'm assuming that some malicious actor might have obtained access to the source code. So I've been wondering, is there any way to force GHC to produce a more obfuscated/garbled binary, in which such values would not be readily visible. I'm aware that no such protection scheme can be bulletproof, but I'm looking for a way to make the intruder's task harder.
答案1
得分: 5
混淆是浪费时间。您最终会花费数天时间尝试想出聪明的东西,但一个新手逆向工程师只需几分钟就可以击败它。相反,您应该建立实际的安全性,而不是通过混淆来实现安全性,可以使用以下方式:
- 创建一个新的UNIX组,其中没有用户
- 将您的机密信息放在只有root和该组可以读取的文件中
- 编写您的程序以在启动时从该文件中读取机密信息
- 使您的二进制文件设置为可由能够读取该文件的组运行
现在在文本编辑器中打开二进制文件将什么都不会显示,因为机密信息根本不在其中,而且由于内核不允许对setgid进程执行内存转储,因此无法进行内存转储。
英文:
Obfuscation is a total waste of time. You'll end up spending days trying to come up with something clever only for a rookie reverse engineer to defeat it in minutes. Instead, you should set up actual security rather than security through obscurity, with something like this:
- Create a new UNIX group with no users in it
- Put your secrets in a file only readable by root and that group
- Code your program to read secrets from that file at startup
- Make your binary setgid the group that can read the file
Now opening the binary in a text editor will yield nothing, since the secrets aren't in it at all, and taking a memory dump is impossible since the kernel doesn't let you do that to a setgid process.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论