Matt wrote on 02-11-14 at 22:01:

You're basically correct in that it really protects against segmentation
faults (and other things like that) allowing access to memory regions
that the code shouldn't access, and as such in theory V8 shouldn't be
vulnerable to such things.

On second thought, since V8 and thus the JavaScript code is part of
these memory regions, anything including the JS might be compromised by
a vulnerability in any of the C code.

Having said that, it's not a terrible idea to implement this kind of
thing, it just seems like you may be over-thinking it. It's far more
important to get the basics of security right in your application, and
most people don't spend nearly enough time on that.

Agree, it's just an extra mitigation to make my server more secure in
the hope that it gets widely deployed. And it's not that hard to
separate privileges if you're still in the developing phase. It will be
painful to retrofit it in existing monolithic servers, so I hope this
design pattern will be used more when building new (nodejs) servers.

-Tim

Matt.
On Sat, Nov 1, 2014 at 2:06 PM, Tim Kuijsten wrote:

Can anyone confirm my assumption that splitting my node server
process into an unprivileged child that handles incoming network
connections and a privileged parent that has access to a password
database prevents attacks on the V8 network layer where an attacker
would otherwise be able to get privileged access?

The only communication between the parent and the child occurs over
an IPC channel where the parent only accepts simple and strictly
typed JSON messages.

I'm trying to build a server and apply some privilege separation
techniques [1] comparable to how OpenSSH is doing this [2]. But I'm
a bit insecure if these techniques really make sense in a garbage
collected and interpreted language like JavaScript. I can imagine it
only mitigates against flaws in V8, OpenSSL, libuv and any other
bundled C code, but not so much against flaws in the JS I write myself.

-Tim
[1] https://github.com/Netsend/mastersync/wiki/Mastersync-privilege-separation
[2] http://www.citi.umich.edu/u/provos/papers/privsep.pdf
--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscribe@googlegroups.com.
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/54552135.4010602%40netsend.nl.
For more options, visit https://groups.google.com/d/optout.
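
An added example, not part of the original thread or of the mastersync code: one way the privileged parent described above could check the "simple and strictly typed JSON messages" it accepts from the unprivileged child, so that the child only ever learns a boolean. The `auth` message schema, the sample user and the function names are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed sample credential store; only the privileged parent holds it.
const SALT = Buffer.from('constructed-salt');
const hash = (pw) => crypto.scryptSync(pw, SALT, 32);
const PASSWORD_DB = new Map([['alice', hash('correct horse')]]);

// The single message shape the parent accepts (hypothetical schema).
const SCHEMA = { type: 'string', username: 'string', password: 'string' };
const MAX_LEN = 256;

// Return a clean copy of the message, or null if it deviates from the schema.
function validateAuthRequest(msg) {
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  // Exactly the schema's keys: no extras, nothing missing.
  if (Object.keys(msg).length !== Object.keys(SCHEMA).length) return null;
  const clean = Object.create(null);
  for (const key of Object.keys(SCHEMA)) {
    if (!Object.prototype.hasOwnProperty.call(msg, key)) return null;
    const value = msg[key];
    if (typeof value !== SCHEMA[key]) return null;
    if (value.length === 0 || value.length > MAX_LEN) return null;
    clean[key] = value;
  }
  return clean.type === 'auth' ? clean : null;
}

// Parent-side handler: the reply never contains data from PASSWORD_DB.
function handleChildMessage(msg) {
  const req = validateAuthRequest(msg);
  if (req === null) return { ok: false, error: 'invalid message' };
  const stored = PASSWORD_DB.get(req.username);
  const candidate = hash(req.password);
  // Unknown users are compared against a dummy so both paths do the same work.
  const match = crypto.timingSafeEqual(candidate, stored || Buffer.alloc(32));
  return { ok: true, authenticated: Boolean(stored) && match };
}

// In the parent, after child_process.fork():
//   child.on('message', (msg) => child.send(handleChildMessage(msg)));
```

This narrows what a compromised child can ask of the parent to a yes/no password check; it does not stop the child from making many such requests, so rate limiting in the parent is a separate concern.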