Flash Plugin on FreeBSD

Problem to solve

Make a recent Flash player plugin work in Firefox on FreeBSD 6.

Update

There is a new article on enabling the linux-flash7 plugin with native browsers.

With the release of FreeBSD 6.2 and the update to linuxpluginwrapper, this tutorial has become obsolete. It's only recommended if you need to stick with an older version of FreeBSD and/or flashplugin.

Solution

First, get this patch for /usr/src/libexec/rtld-elf/rtld.c, copy it to /usr/src and do the following. (You must have the source tree in /usr/src, and the version of the sources must be the same as the version of the installed world; if they are different or you are not sure, it's probably best to rebuild your world ( FreeBSD world that is :) ) and kernel.)

root# cd /usr/src
root# patch -p0 < rtld_dlsym_hack.diff
root# cd libexec/rtld-elf/
root# make && make install

After successfully installing the patch you need to fetch and unpack the linuxflashplayer7:

root# cd /usr/ports/www/linux-flashplugin7/
root# make fetch
root# cd /usr/local/lib/firefox/plugins/
root# tar zxvf /usr/ports/distfiles/flashplugin/7.0r68/install_flash_player_7_linux.tar.gz
root# cp install_flash_player_7_linux/libflashplayer.so libflashplayer.so
root# cp install_flash_player_7_linux/flashplayer.xpt flashplayer.xpt

Now make sure you have the plugin files (libflashplayer.so and flashplayer.xpt) in /usr/local/lib/firefox/plugins. You now need to install the linuxpluginwrapper:

root# cd /usr/ports/www/linuxpluginwrapper/ && make install clean

Finally you have to change /etc/libmap.conf:

[/usr/local/lib/firefox/plugins/libflashplayer.so]
libpthread.so.0 libpthread.so.2
libdl.so.2 pluginwrapper/flash7.so
libz.so.1 libz.so.3
libm.so.6 libm.so.4
libc.so.6 pluginwrapper/flash7.so

Now open your browser and go to about:plugins. The Flash 7 plugin is active.

Web application security flaws

Here goes... my first security related post :)

Intro

First I must say that this will not be a way to prove that your application is secure; it will only be a quick & dirty way of finding common bugs in web applications. The following are a few techniques that I tend to use the first time I see a web application (and generally a database application). I will use PHP for the few code examples, but the vulnerabilities presented are not limited to PHP; in fact they are independent of the server-side programming language used.

Unexpected Input

The first and most common bug is unsanitized user input. The easy way to check for this error is to start replacing the values of variables passed in the URL with characters that need to be escaped when used in an SQL query. Let's say that after submitting some data or clicking a link in the application you end up on a page like

http://www.example.com/products.php?category=1

In a vulnerable application this most probably generates a query like

$query = 'SELECT * FROM products WHERE category_id=' . $_GET['category'];

Now changing the value of the category to a special SQL character is straightforward:

http://www.example.com/products.php?category='

If the assumption about how the variable is used is correct, you will probably end up on a page containing an error message from the database server telling you that there was an error executing the query. Now the executed query looks like this:

SELECT * FROM products WHERE category_id='

Hmm... what next? Server said error, it was an error so what's the big deal? Very big deal. Now let's change the variable to something that actually does something.

http://www.example.com/products.php?category=1;drop table products;

which will generate a query like

SELECT * FROM products WHERE category_id=1;DROP TABLE products;

Is this a big enough deal? Or maybe something like:

http://www.example.com/products.php?category=1;insert into users values( null , 'x',password('x'),true );

Assuming that there is a user system in the application and a table users ( userid , username , userpassword , isadmin ), the query will become:

SELECT * FROM products WHERE category_id=1;insert into users values( null , 'x',password('x'),true );

which, if the assumptions are correct, will insert a new user x which is admin.

This example is only supposed to give you an idea of this attack vector on an application. Even if this example is very simplistic, I'm amazed at how many applications I found (and find every day) that are vulnerable to this attack.

As a habit, when I see a URL that contains something like variable=value I usually try changing value to a ' and see what happens. This takes only a few seconds. If I end up on an empty page, most probably the attack works but errors are not displayed. If the application keeps working but says an error has occurred, again most probably this attack works. If no error is displayed and the application keeps working as expected, it only means that the particular variable that I've changed is probably checked and escaped before building the query string.

Again, I have to say that if you test your application like this and nothing happens, it DOES NOT mean that your application is secure, only that the particular variables that you tried are probably escaped.
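The vulnerable query construction from this post next to a hardened form, as an added example that is not the author's code. It assumes PHP with the PDO SQLite driver; the table layout, sample rows and function names (makeDb, buildVulnerableQuery, findProducts) are constructed for illustration.

```php
<?php
// Added example, not the post author's code. Table layout, function names
// and sample rows are constructed for illustration.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category_id INTEGER)');
    $db->exec("INSERT INTO products (name, category_id) VALUES ('lamp', 1), ('desk', 1), ('pen', 2)");
    return $db;
}

// Pattern from the post: the raw parameter becomes part of the SQL text.
function buildVulnerableQuery(string $category): string
{
    return 'SELECT * FROM products WHERE category_id=' . $category;
}

// Hardened form: validate the type first, then bind the value as a
// parameter so the database never parses it as SQL.
function findProducts(PDO $db, string $category): array
{
    $id = filter_var($category, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('category must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM products WHERE category_id = :category');
    $stmt->bindValue(':category', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
// Inputs taken from the URLs in the post.
foreach (['1', "'", '1;drop table products;'] as $input) {
    echo 'input:      ', var_export($input, true), PHP_EOL;
    echo 'vulnerable: ', buildVulnerableQuery($input), PHP_EOL;
    try {
        echo 'hardened:   ', count(findProducts($db, $input)), ' row(s)', PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'hardened:   rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
// The table is untouched after all three inputs.
echo 'products rows: ', $db->query('SELECT COUNT(*) FROM products')->fetchColumn(), PHP_EOL;
```

Only the first input returns rows from the hardened function; the other two are rejected before any SQL is prepared, and the final count stays at 3.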

I'll stop here for now, but just remember to change the URL every time you see a variable and do report the problem to the author or owner of the application so that maybe the web will become a safer place.

... more to come soon ...

Exploits of a mom