Commit
Make target - proxy communication more secure.
Previously, the listening party just opened a socket and waited for any TCP/IP connection. There was no authentication - any random process could connect to the proxy or target, and start sending bogus commands. That has two security problems:

1. It allows hijacking another user's debugging session.
2. The proxy and target are not very careful at checking the input coming through the target <-> proxy connection, so you could send invalid input and cause a server crash or a buffer overflow that might be exploitable for privilege escalation.

A third problem is that pldbg_attach_to_port(port) allowed connecting to any local port in the system, whether or not it belonged to a debugging session. That's not very serious, as you couldn't send arbitrary commands through the connection, but better to plug that too.

It's still not a good idea to install pldebugger on a production server; there are probably more vulnerabilities not covered by this, but this is a good start at making it more robust.

To fix those issues, there's now a little shared memory structure that's used to register connections belonging to pldebugger. Whenever a backend initiates a connection or listens for a connection, it registers the port number in shared memory. The other end can then check the shared memory block to make sure it's connected to a legitimate debugging proxy or target.

This encapsulates the functions used to create connections between proxy and target into a new dbgcomm.c file. Similar to the breakpoint functions, the functions in dbgcomm.c are used by both pldbgapi.so and plugin_debugger.so, so plugin_debugger.so must be loaded before pldbgapi.so can be used.
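
A minimal sketch of the port-registration idea described in the commit message, added here as an illustration; it is not the code from dbgcomm.c. The slot layout, the function names and the in-process array standing in for the shared memory block are assumptions, and the port and pid values are constructed.

```c
/* Illustrative sketch: names and layout are assumptions, not dbgcomm.c. */
#include <stdio.h>
#define MAX_SLOTS 8
enum slot_state { SLOT_FREE = 0, SLOT_LISTENING, SLOT_CLAIMED };
struct slot { enum slot_state state; int port; int owner_pid; };

/* Stand-in for the shared memory block; a real one needs a lock around access. */
static struct slot registry[MAX_SLOTS];

/* Listening side: record the port before accepting any connection. */
int registry_register(int port, int owner_pid)
{
    int free_idx = -1;
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (registry[i].state != SLOT_FREE && registry[i].port == port)
            return -1;                      /* port already registered */
        if (registry[i].state == SLOT_FREE && free_idx < 0)
            free_idx = i;
    }
    if (free_idx < 0)
        return -1;                          /* table full */
    registry[free_idx] = (struct slot){ SLOT_LISTENING, port, owner_pid };
    return free_idx;
}

/* Connecting side: refuse (-1) unless the port is a registered, unclaimed session. */
int registry_claim(int port)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (registry[i].state == SLOT_LISTENING && registry[i].port == port) {
            registry[i].state = SLOT_CLAIMED;   /* one peer per session */
            return registry[i].owner_pid;
        }
    return -1;
}

/* Session teardown: free the slot so a stale entry cannot be claimed later. */
void registry_release(int port)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (registry[i].state != SLOT_FREE && registry[i].port == port)
            registry[i].state = SLOT_FREE;
}

int main(void)
{
    registry_register(50001, 4242);         /* constructed sample values */
    printf("registered: %d, unregistered: %d\n", registry_claim(50001), registry_claim(5432));
    return 0;
}
```

The claim step is what addresses the third problem in the message: a port that was never registered by a debugging backend is refused before any connection is attempted, and a session that already has a peer cannot be claimed a second time.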