Up to Main Index Up to Journal for May, 2017 JOURNAL FOR MONDAY 1ST MAY, 2017 ______________________________________________________________________________ SUBJECT: Important security update DATE: Mon 1 May 20:20:02 BST 2017 I’ve just updated the public dev branch with an important security update. I’m currently working on a new release, with the fix, which will be available soon. If you have been using the public dev branch and the ‘#DUMP heapdump’ command and local users are able to access the heapdump file, it is possible some player passwords may have been compromised. The #DUMP command is not available in any current official release — only on the public dev branch. However, if local users can inspect the memory of the WolfMUD server process in any way it is possible some player passwords may have been compromised. The introduction of the recent #DEBUG command has highlighted a security issue, specifically when using ‘#DEBUG heapdump’. If you examine the heapdump with a hexeditor or the strings command it is possible you will find plain text passwords contained in it. This is due to the fact that plain text passwords need to be handled during login and account creation and so held in memory. The fix is not 100% bulletproof. During normal use memory can be copied to swap files, core dumps, held in network buffers, swapped to disk during hibernation, copied when migrating virtual machines and by memory analysis tools. This is not an issue unique to WolfMUD. What the fix does is minimise the amount of time the plain text passwords are held in memory, reducing the attack window considerably. The permissions of files created by #DEBUG and for new player files have also been tightened. Additional precautions that can be taken are: - Reduce access to the WolfMUD files: + Update file permissions of player files: chmod 0660 data/players/*.wrj + Update file permissions of any blockprof, cpuprof, heapdump and memprof files in a similar way. - Don’t leave blockprof, cpuprof, heapdump and memprof files laying around. - Run the WolfMUD server as a separate or restricted user/group. Create a WolfMUD user and group. Login as that user to run the WolfMUD server. - If possible disable swap files. However, this will not prevent data from being held in network buffers or from being written to disk during hibernation. Even if the passwords were protected in RAM using the mlock/munlock system calls it would not prevent memory being copied and accessible in all situations. I apologise for mistakes made with WolfMUD, which were 100% my own. If anyone wants more information or has any advice on improving WolfMUD security, please contact me: diddymus@wolfmud.org -- Diddymus ______________________________________________________________________________ SUBJECT: WolfMUD v0.0.6 released DATE: Mon 1 May 23:13:57 BST 2017 The next release of WolfMUD, v0.0.6, is now available for download[1]. This release contains an important security update, a few bug fixes along with some new features including custom item clean up and reset/respawn messages. Main highlights from the release notes: Security - Tighten permissions on new player files and file produced by the #DEBUG command. It is adviseable to run chmod 0660 data/players/*.wrj on Linux. On Windows please review the file permissions for existing files. Commit: da2ed6b and eefef4b. - Reduce the amount of time plain text passwords are held in memory. Some player passwords may have been compromised due to use of the #DUMP command and access to the heapdump file. Some player passwords may have been compromised if local users can access the server's memory. Commit: b29e762. Added - New OnCleanup attribute for custom clean up messages, see docs/zone-files.txt for more details. - New OnReset attribute for reset/respawning up messages, , see docs/zone-files.txt for more details. - New OnAction and Action attributes, see docs/zone-files.txt for more details. - Inventories have a new Players method for checking if there are any players in an inventory. - New #DEBUG command to aid developing and debugging. Changed - Output of READ command made more generic. Instead of the template being "You read the writing on <item>. It says: <writing>" it is now "You read <item>. <writing>". Wording of WRITING attributes in zone files may need updating. - If a reset or respawn occurs within a container and an OnReset message is provided the message will propagate to the location the container is in. - Zone files updated with OnCleanup and OnReset messages. - Prevention of players being junked now via automatic veto. - Statistics in log now display a Thing count. - Lease acquired and released messages no longer reported in log. - Improved debugging flags in config.wrj, see docs/configuration-file.txt for more details. - Event goroutines now recover from a panic unless Debug.Panic is true. See docs/configuration-file.txt for more details. Fixed - The LOOK command now automatically uppercases the first letter in titles. - The TAKE command now automatically uppercases the first letter of a container's name. - Improved layout of event.Cancel in #DUMP output. - The #DUMP command no longer crashes the server with invalid addresses. -- Diddymus [1] Download area: ../../../downloads/ Up to Main Index Up to Journal for May, 2017