Date:      Sat, 26 Apr 2014 21:58:55 +0300
From:      Kimmo Paasiala <kpaasial@icloud.com>
To:        Joe Parsons <jp4314@outlook.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: am I NOT hacked?
Message-ID:  <DB93F980-39D4-4C6B-AE61-6C7BD572F3E4@icloud.com>
In-Reply-To: <BAY180-W19B6B2EB8597AA9F6383A4C4450@phx.gbl>
References:  <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> <CAK-wPOjM6oSuMc-ogzEPX62-Z8xNJWyKrHCJ=hUg1EwK%2BMAjCA@mail.gmail.com> <BAY180-W6170BEC00A4018BBB261EFC4450@phx.gbl> <BAY180-W19B6B2EB8597AA9F6383A4C4450@phx.gbl>



On 26.4.2014, at 21.17, Joe Parsons <jp4314@outlook.com> wrote:

> Sorry, one paragraph of my last reply appears to be screwed up on the web archive. You can ignore that reply and just read the following. I'm sorry for the confusion.
>
>
> Ok, thanks a lot for all your kind help. I learned the pwd_mkdb manpage and the databases as you suggested.
>
> To clarify, I understand 9.1 kernel contains the non-vulnerable version of openssl library, hence mere apache/https is not vulnerable. However the vulnerable openssl port is installed for the mail software to provide imaps/pops/smtps services, so they are vulnerable.
>
> The following reply is what I'm confused about:
>
>> In any case, heartbleed does *not* facilitate remote code execution or
>> code injection, only information retrieval, so unless your passwords
>> were stored in cleartext (or a weakly hashed form) in the memory of an
>> Internet-facing SSL-enabled service (such as https, smtp with STARTTLS
>> or imaps, but not ssh), you cannot have been "hacked" as a consequence
>> of heartbleed.
>
> I ssh into the system, and I /usr/bin/su to become root. Do my shell passwords show up in clear text in the memory briefly, so the attacker could happen to harvest them? In other words, on a system with the vulnerable openssl port, do we need to change the shell password for root and other users, if these passwords are ONLY used in ssh and /usr/bin/su ?
>
> I googled and found few results, almost all are focused on changing user mail passwords and server certificates. Only found this page, which said they changed server root password:
>
> http://digitalopera.com/geek-rants/what-were-doing-to-combat-heartbleed/
>
> Thanks, Joe

You're missing a few fundamental properties of a modern operating system, memory management and memory protection. The sshd or the su processes might have the passwords in the clear in their own memory for some time but any other process (for example the web server with the vulnerable OpenSSL) has no access to that memory because of how virtual memory works. Every process has its own private memory space and the process cannot address memory owned by other processes. For example, a process running on i386 can try to address all of the 4GBs that the i386 instruction set allows it to do but none of the memory that it can read or write belongs to another process because the OS keeps those private address spaces separate from each other using the memory management hardware on the CPU.


-Kimmo


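The isolation described in the reply above, shown as an added example that is not part of the original message: after `fork()`, parent and child use the same virtual address for `secret_buf`, yet a value the child stores there never appears in the parent. The names `secret_buf`, `struct report` and `address_spaces_are_private` and the password string are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a credential that one process (think su or sshd)
 * briefly holds in its own memory. */
static char secret_buf[32] = "parent-original";

struct report {          /* what the child tells the parent over the pipe */
    uintptr_t addr;      /* virtual address of secret_buf as the child sees it */
    char contents[32];   /* what the child has stored at that address */
};

/* Returns 1 if the child's write stayed private to the child although both
 * processes use the same virtual address, 0 if not, -1 on a syscall failure. */
int address_spaces_are_private(void)
{
    int fds[2], status = 0;
    struct report r;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                /* child: the "su" side */
        close(fds[0]);
        strcpy(secret_buf, "hunter2-child-only");  /* constructed password */
        memset(&r, 0, sizeof r);
        r.addr = (uintptr_t)secret_buf;
        memcpy(r.contents, secret_buf, sizeof r.contents);
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);                                 /* parent: the other process */
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || n != (ssize_t)sizeof r) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    /* Same address in both processes, different contents behind it. */
    int same_address  = (r.addr == (uintptr_t)secret_buf);
    int child_changed = (strcmp(r.contents, "hunter2-child-only") == 0);
    int parent_intact = (strcmp(secret_buf, "parent-original") == 0);
    return same_address && child_changed && parent_intact;
}

int main(void)
{
    printf("private address spaces: %d\n", address_spaces_are_private());
    return 0;
}
```

The parent learns the child's value only because the child sent it through a pipe; reading its own copy of the address yields its own data.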


