From 3c951df4cd084137ef81b109ccc5e099a2fb1558 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Fri, 2 Jun 2017 12:21:59 +0200 Subject: [PATCH 1/3] docs/security: security track record of OpenSSL and msgpack --- docs/internals/security.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs/internals/security.rst b/docs/internals/security.rst index 978338b7b..8421685c1 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -336,3 +336,30 @@ like remote code execution are inhibited by the design of the protocol: general pattern of server-sent responses and are sent instead of response data for a request. +The msgpack implementation used (msgpack-python) has a good security track record, +a large test suite and no issues found by fuzzing. It is based on the msgpack-c implementation, +sharing the unpacking engine and some support code. msgpack-c has a good track record as well. +Some issues [#]_ in the past were located in code not included in msgpack-python. +Borg does not use msgpack-c. + +.. [#] - `MessagePack fuzzing `_ + - `Fixed integer overflow and EXT size problem `_ + - `Fixed array and map size overflow `_ + +Using OpenSSL +============= + +Borg uses the OpenSSL library for most cryptography (see `Implementations used`_ above). +OpenSSL is bundled with static releases, thus the bundled copy is not updated with system +updates. + +OpenSSL is a large and complex piece of software and has had its share of vulnerabilities, +however, it is important to note that Borg links against ``libcrypto`` **not** ``libssl``. +libcrypto is the low-level cryptography part of OpenSSL, while libssl implements TLS and related protocols. +The latter is not used by Borg (cf. `Remote RPC protocol security`_, Borg does not implement +any network access) and historically contained most vulnerabilities, especially critical ones. + +Historic vulnerabilities affecting libcrypto in ways relevant to Borg were flaws in primtives +enabling side-channel and similar attacks. + +Therefore, both using and bundling OpenSSL is considered unproblematic for Borg. From 107e320a20f32bb05e13aab6be81aedad66fec17 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Fri, 2 Jun 2017 12:52:30 +0200 Subject: [PATCH 2/3] binaries: don't bundle libssl ArchiverTestCaseBinary passes. --- docs/internals/security.rst | 12 +++++------- scripts/borg.exe.spec | 17 ++++++++++++++++- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/docs/internals/security.rst b/docs/internals/security.rst index 8421685c1..d028c7f98 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -355,11 +355,9 @@ updates. OpenSSL is a large and complex piece of software and has had its share of vulnerabilities, however, it is important to note that Borg links against ``libcrypto`` **not** ``libssl``. -libcrypto is the low-level cryptography part of OpenSSL, while libssl implements TLS and related protocols. -The latter is not used by Borg (cf. `Remote RPC protocol security`_, Borg does not implement +libcrypto is the low-level cryptography part of OpenSSL, +while libssl implements TLS and related protocols. + +The latter is not used by Borg (cf. `Remote RPC protocol security`_, Borg itself does not implement any network access) and historically contained most vulnerabilities, especially critical ones. - -Historic vulnerabilities affecting libcrypto in ways relevant to Borg were flaws in primtives -enabling side-channel and similar attacks. - -Therefore, both using and bundling OpenSSL is considered unproblematic for Borg. +The static binaries released by the project contain neither libssl nor the Python ssl/_ssl modules. diff --git a/scripts/borg.exe.spec b/scripts/borg.exe.spec index 07dcdfbe1..ea86a91d4 100644 --- a/scripts/borg.exe.spec +++ b/scripts/borg.exe.spec @@ -16,7 +16,9 @@ a = Analysis([os.path.join(basepath, 'src/borg/__main__.py'), ], hiddenimports=['borg.platform.posix'], hookspath=[], runtime_hooks=[], - excludes=[], + excludes=[ + '_ssl', 'ssl', + ], win_no_prefer_redirects=False, win_private_assemblies=False, cipher=block_cipher) @@ -38,3 +40,16 @@ exe = EXE(pyz, strip=False, upx=True, console=True ) + +if False: + # Enable this block to build a directory-based binary instead of + # a packed single file. This allows to easily look at all included + # files (e.g. without having to strace or halt the built binary + # and introspect /tmp). + coll = COLLECT(exe, + a.binaries, + a.zipfiles, + a.datas, + strip=False, + upx=True, + name='borg-dir') From b996afbc06ec8d5f31e851fb4672944fde585d93 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Fri, 2 Jun 2017 13:05:54 +0200 Subject: [PATCH 3/3] docs/security: used implementations; note python libraries --- docs/internals/security.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/internals/security.rst b/docs/internals/security.rst index d028c7f98..34621938e 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -254,9 +254,13 @@ on widely used libraries providing them: We think this is not an additional risk, since we don't ever use OpenSSL's networking, TLS or X.509 code, but only their primitives implemented in libcrypto. -- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used +- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used. + Borg requires a Python built with OpenSSL support (due to PBKDF2), therefore + these functions are delegated to OpenSSL by Python. - HMAC, PBKDF2 and a constant-time comparison from Python's hmac_ standard - library module is used. + library module is used. While the HMAC implementation is written in Python, + the PBKDF2 implementation is provided by OpenSSL. The constant-time comparison + (``compare_digest``) is written in C and part of Python. - BLAKE2b is either provided by the system's libb2, an official implementation, or a bundled copy of the BLAKE2 reference implementation (written in C).