Safe::Logs - Perl extension to avoid terminal emulator vulnerabilities
use Safe::Logs; # Always override warn() and die() use Safe::Logs qw(:all); # override eveything this module knows use Safe::Logs qw(:Carp); # Only override Carp:: methods use Safe::Logs qw(:Syslog); # Only override syslog() use Safe::Logs qw(protect); # protect() for use on your own # Or combine a few use Safe::Logs qw(:Syslog :Carp);
As shown by the people at Digital Defense, there are a number of vulnerabilities that can be remotely exploited in the terminal emulators that are so common today. These vulnerabilities might allow an attacker to execute arbitrary commands by a number of methods. The easiest one, illustrated on http://www.digitaldefense.net/labs/papers/Termulation.txt shows how to compromise a remote host by sending carefully chosen requests that end up in log files. It is then a matter of time for an innocent command such as
tail -f poisoned.log
To wreak havoc in your system.
You must use this module as the last in the list so that it can override the methods exported from other modules.
use
This module is a quick solution for this vulnerability. What it does is very simple: It replaces ocurrences of the ESC character in the output of any common logging mechanism such as use warnings, warn, use Carp and die.
use warnings
warn
use Carp
die
It does so by overriding the functions with a safer alternative so that no code needs to be changed. Hopefully this will be followed by better solutions from other Perl developers.
Note that in order for this protection to be effective, this module must be used as the last module (ie, after all the modules it can override) in order for proper method replacement to occur.
The protection can also be invoked by the protect method, which takes a list of arguments and returns the same list, with all ESC characters safely replaced. This method is provided so that you can call it by yourself.
protect
Tipically, you will want to issue an use Safe::Logs qw(:all) after the last module is used in your code, to automatically benefit from the most common level of protection agains the attacks describen in the paper.
use Safe::Logs qw(:all)
The list of methods or functions that this module replaces are as follows.
CORE::warn
The standard Perl warn().
warn()
CORE::die
The standard Perl die().
die()
Carp::carp
Carp::croak
Carp::confess
Carp::cluck
All the methods from Carp are overridden by this module.
Carp
Sys::Syslog
Unix::Syslog
The known and common syslog() calls are automatically overridden by this module.
syslog()
warnings::warn
warnings::warnif
Calls from warnings:: are automatically overridden by this module.
warnings::
Many. The methods are exported or overridden according to this
main::warn() - Always overridden main::die() - Always overridden warnings::warn() - Always overridden warnings::warnif() - Always overridden Carp::croak() - Only exported with :Carp or :all Carp::carp() - Only exported with :Carp or :all Carp::confess() - Only exported with :Carp or :all Carp::cluck() - Only exported with :Carp or :all main::syslog() - Only exported with :Syslog or :all protect() - Only exported with 'protect' or :all
Original version; created by h2xs 1.2 with options
-ACOXcfkn Safe::Logs -v 0.01
Luis E. Muñoz <luismunoz@cpan.org>
perl(1), Carp(3), warnings(3), Sys::Syslog(3), Unix::Syslog(3), Termulation.txt.
2 POD Errors
The following errors were encountered while parsing the POD:
You forgot a '=back' before '=head2'
Non-ASCII character seen before =encoding in 'Muñoz'. Assuming CP1252
To install Safe::Logs, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Safe::Logs
CPAN shell
perl -MCPAN -e shell install Safe::Logs
For more information on module installation, please visit the detailed CPAN module installation guide.