Date: Sat, 26 Apr 2014 21:58:55 +0300 From: Kimmo Paasiala <kpaasial@icloud.com> To: Joe Parsons <jp4314@outlook.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: am I NOT hacked? Message-ID: <DB93F980-39D4-4C6B-AE61-6C7BD572F3E4@icloud.com> In-Reply-To: <BAY180-W19B6B2EB8597AA9F6383A4C4450@phx.gbl> References: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl> <CAK-wPOjM6oSuMc-ogzEPX62-Z8xNJWyKrHCJ=hUg1EwK%2BMAjCA@mail.gmail.com> <BAY180-W6170BEC00A4018BBB261EFC4450@phx.gbl> <BAY180-W19B6B2EB8597AA9F6383A4C4450@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_8A01CDAA-012A-44C9-BC9F-71782A8737B1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 26.4.2014, at 21.17, Joe Parsons <jp4314@outlook.com> wrote: > Sorry, one paragraph of my last reply appears to be screwed up on the = web archive. You can ignore that reply and just read the following. = I'm sorry for the confusion. =20 >=20 >=20 > Ok, thanks a lot for all your kind help. I learned the pwd_mkdb = manpage and the databases as you suggested. >=20 > To clarify, I understand 9.1 kernel contains the non-vulnerable = version of openssl library, hence mere apache/https is not vulnerable. = However the vulnerable openssl port is installed for the mail software = to provide imaps/pops/smtps services, so they are vulnerable. >=20 > The following reply is what I'm confused: >=20 >> In any case, heartbleed does *not* facilitate remote code execution = or >> code injection, only information retrieval, so unless your passwords >> were stored in cleartext (or a weakly hashed form) in the memory of = an >> Internet-facing SSL-enabled service (such as https, smtp with = STARTTLS >> or imaps, but not ssh), you cannot have been "hacked" as a = consequence >> of heartbleed. >=20 > I ssh into the system, and I /usr/bin/su to become root. Do my shell = passwords show up in in clear text in the memory briefly, so the = attacker could happen to harvest them? In another word, on a system = with the vulnerable openssl port, do we need to change the shell = password for root and other users, if these passwords are ONLY used in = ssh and /usr/bin/su ? >=20 > I googled and found few result, almost all are focused on changing = user mail passwords and server certificates. Only found this page said = they changed server root password: >=20 > = http://digitalopera.com/geek-rants/what-were-doing-to-combat-heartbleed/ >=20 > Thanks, Joe > =20 You=92re missing a few fundamental properties of a modern operating = system, memory management and memory protection. The sshd or the su = processes might have the passwords in the clear in their own memory for = some time but any other process (for example the web server with the = vulnerable OpenSSL) has no access to that memory because of how virtual = memory works. Every process has its own private memory space and the = process can not address memory owned by other processes. For example, a = process running on i386 can try to address all of the 4GBs that the i386 = instruction set allows it to do but none of the memory that it can read = or write belongs to another process because the OS keeps the those = private address spaces separate from each other using the memory = management hardware on the CPU. -Kimmo --Apple-Mail=_8A01CDAA-012A-44C9-BC9F-71782A8737B1 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJTXAHzAAoJEFvLZC0FWRVpa3cH/34RKCwd8F28n+gvHpH/q+YV k/HD6BW9Qk+dAr3A6wlk57Lty81jxD8U0f9CRCo2DLfJ63s94ZSabwSvKme3tcau G1XQctSGFmzNXydOVR57zDRS9ycQGv9cxaSpCEabGZlmaus2xXoHVIbJbY61430R U1p/BOc1tsY1iSL2+HrZ+wzuboQ9k9IOl9XPxHCntNEFltF/OEwtgKay140tLuxX uDtTzXW5gSq+Lo0RqwAQ3vqE+ZXjLxeZ/IZnYeKIPh8Q8nnepdnY54S5p++Kjkik OHspvWYBno/3u/cvuBKuB13zyHyxsdje4Uc9YBvgfWhdMi0FEr/TmwwXqUXEhto= =L+mB -----END PGP SIGNATURE----- --Apple-Mail=_8A01CDAA-012A-44C9-BC9F-71782A8737B1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DB93F980-39D4-4C6B-AE61-6C7BD572F3E4>