Java Programming | RMI and security

Author	Message	Time
iago	There are some RMI functions that I have in this code that seem to have security problems. How difficult is it, without knowledge of function names, or parameters, or anything like that, to be able to execute arbitrary RMI commands on a machine? The set up right now is internet <--> Frodo <--> dev2, where frodo and dev2 communicate with rmi calls. As it stands, they are on a test network (not the internet), but dev2 can also be seen from the rest of the network. now, at least a couple of the functions have code like this to transfer a file to dev2 from frodo: [code] public void putFile(File fName, byte[] fBytes) throws RemoteException { verifyUser(); fName = makeSpacesIntoUnderscore(fName); verifyFile(fName); try { FileOutputStream fos = new FileOutputStream(fName); fos.write(fBytes); fos.close(); giveFile(fName); }[/code] verifyFile just makes sure the filename is non-null. giveFile() looks like this: [code] private void giveFile(File target) throws RemoteException, IOException { rt.exec("chown "+userName+" "+target.toString() ); }[/code] Although the filename is checked on the client, it is not checked on the server. So bottom line is this: If somebody can execute arbitrary RMI calls, they will be able to not only upload, but execute an arbitrary file with root permissions. Should I be worried? :)	January 26, 2004, 3:47 PM
iago	This worries me more: The ip for dev2 is passed to a Servlet in a form (don't ask why; it pretty much has to be done like this). Is it a danger that somebody could change that ip to some third party computer and bounce the packets back, modifying their contents? Should this be a concern?	January 27, 2004, 5:43 PM
St0rm.iD	You really should stop using RMI :) You're quickly discovering why no one uses it outside of a firewall. It's slow, a pain, and not secure. May I suggest XML-RPC?	January 27, 2004, 11:26 PM
iago	It would be a huge task to move away from RMI. I'll just have to talk to the admins tomorrow about how it'll be firewalled to make sure this is safe.	January 28, 2004, 2:24 AM
St0rm.iD	Deep in the docs for RMI, you'll find something about writing your own transport for RMI. Perhaps there lies the answer.	January 28, 2004, 11:32 PM

Author

Message

Time

iago

There are some RMI functions that I have in this code that seem to have security problems. How difficult is it, without knowledge of function names, or parameters, or anything like that, to be able to execute arbitrary RMI commands on a machine?

The set up right now is internet <--> Frodo <--> dev2, where frodo and dev2 communicate with rmi calls. As it stands, they are on a test network (not the internet), but dev2 can also be seen from the rest of the network.

now, at least a couple of the functions have code like this to transfer a file to dev2 from frodo:
[code] public void putFile(File fName, byte[] fBytes) throws RemoteException
{
verifyUser();
fName = makeSpacesIntoUnderscore(fName);
verifyFile(fName);

try
{
FileOutputStream fos = new FileOutputStream(fName);
fos.write(fBytes);
fos.close();
giveFile(fName);
}[/code]

verifyFile just makes sure the filename is non-null. giveFile() looks like this:
[code] private void giveFile(File target) throws RemoteException, IOException
{
rt.exec("chown "+userName+" "+target.toString() );
}[/code]

Although the filename is checked on the client, it is not checked on the server. So bottom line is this:
If somebody can execute arbitrary RMI calls, they will be able to not only upload, but execute an arbitrary file with root permissions.

Should I be worried? :)

January 26, 2004, 3:47 PM

iago

This worries me more:

The ip for dev2 is passed to a Servlet in a form (don't ask why; it pretty much has to be done like this).

Is it a danger that somebody could change that ip to some third party computer and bounce the packets back, modifying their contents? Should this be a concern?

January 27, 2004, 5:43 PM

St0rm.iD

You really should stop using RMI :) You're quickly discovering why no one uses it outside of a firewall. It's slow, a pain, and not secure.

May I suggest XML-RPC?

January 27, 2004, 11:26 PM

iago

It would be a huge task to move away from RMI. I'll just have to talk to the admins tomorrow about how it'll be firewalled to make sure this is safe.

January 28, 2004, 2:24 AM

St0rm.iD

Deep in the docs for RMI, you'll find something about writing your own transport for RMI. Perhaps there lies the answer.

January 28, 2004, 11:32 PM

Valhalla Legends Forums Archive | Java Programming | RMI and security