                       JOURNAL FOR MONDAY 1ST MAY, 2017
______________________________________________________________________________

SUBJECT: Important security update
   DATE: Mon  1 May 20:20:02 BST 2017

I’ve just updated the public dev branch with an important security update. I’m
currently working on a new release, with the fix, which will be available
soon.

If you have been using the public dev branch and the ‘#DUMP heapdump’ command
and local users are able to access the heapdump file, it is possible some
player passwords may have been compromised.

The #DUMP command is not available in any current official release — only on
the public dev branch. However, if local users can inspect the memory of the
WolfMUD server process in any way it is possible some player passwords may
have been compromised.

The introduction of the recent #DEBUG command has highlighted a security
issue, specifically when using ‘#DEBUG heapdump’. If you examine the heapdump
with a hex editor or the strings command it is possible you will find plain
text passwords contained in it. This is because plain text passwords need to
be handled during login and account creation and so are held in memory.

The fix is not 100% bulletproof. During normal use memory can be copied to
swap files and core dumps, held in network buffers, written to disk during
hibernation, copied when migrating virtual machines and read by memory
analysis tools. This is not an issue unique to WolfMUD.

What the fix does is minimise the amount of time the plain text passwords are
held in memory, reducing the attack window considerably. The permissions of
files created by #DEBUG and for new player files have also been tightened.
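
The approach described above, sketched as an added example (not WolfMUD's own
code): the password stays in a []byte that is hashed and then zeroed. Salted
SHA-512 and the names wipe, hashAndWipe and checkLogin are assumptions chosen
to stay within the Go standard library.

```go
package main

import (
	"crypto/sha512"
	"crypto/subtle"
	"fmt"
)

// wipe overwrites b in place. This only works because the password is a
// []byte: a Go string is immutable and cannot be cleared after use.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// hashAndWipe returns SHA-512(salt || password) and zeroes the caller's
// password buffer before returning. Copies made inside library code or by
// the OS (swap, core dumps) are out of reach; this only shortens the window.
func hashAndWipe(salt, password []byte) [sha512.Size]byte {
	defer wipe(password)
	buf := make([]byte, 0, len(salt)+len(password))
	buf = append(append(buf, salt...), password...)
	defer wipe(buf) // the working copy holds plain text too
	return sha512.Sum512(buf)
}

// checkLogin compares a login attempt with the stored hash in constant time.
// The attempt buffer is wiped by hashAndWipe.
func checkLogin(salt []byte, stored [sha512.Size]byte, attempt []byte) bool {
	got := hashAndWipe(salt, attempt)
	return subtle.ConstantTimeCompare(got[:], stored[:]) == 1
}

func main() {
	salt := []byte("constructed-salt")            // constructed sample value
	stored := hashAndWipe(salt, []byte("s3cret")) // account creation
	attempt := []byte("s3cret")                   // as read from the connection
	fmt.Println(checkLogin(salt, stored, attempt), attempt)
}
```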

Additional precautions that can be taken are:


  - Reduce access to the WolfMUD files:
    + Update file permissions of player files: chmod 0660 data/players/*.wrj
    + Update file permissions of any blockprof, cpuprof, heapdump and memprof
      files in a similar way.
  - Don’t leave blockprof, cpuprof, heapdump and memprof files lying around.
  - Run the WolfMUD server as a separate or restricted user/group. Create a
    WolfMUD user and group. Log in as that user to run the WolfMUD server.
  - If possible disable swap files.


However, this will not prevent data from being held in network buffers or from
being written to disk during hibernation. Even if the passwords were protected
in RAM using the mlock/munlock system calls it would not prevent memory being
copied and accessible in all situations.
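
For the file permission precautions listed above, an added example (not part
of WolfMUD) that finds files more permissive than 0660 and strips the extra
bits. The function name tighten and the profile/dump file patterns are
assumptions; only data/players/*.wrj comes from this entry.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// maxPerm is the mode recommended above: read/write for owner and group only.
const maxPerm os.FileMode = 0660

// tighten strips every permission bit outside maxPerm from the regular files
// matching patterns and returns the paths it changed. Unlike a blanket
// "chmod 0660" it never loosens a file that is already stricter (e.g. 0600).
func tighten(patterns ...string) ([]string, error) {
	var changed []string
	for _, pattern := range patterns {
		matches, err := filepath.Glob(pattern)
		if err != nil {
			return changed, err
		}
		for _, path := range matches {
			fi, err := os.Lstat(path) // Lstat so symlinks are skipped, not followed
			if err != nil {
				return changed, err
			}
			perm := fi.Mode().Perm()
			if !fi.Mode().IsRegular() || perm&^maxPerm == 0 {
				continue // not a plain file, or already tight enough
			}
			if err := os.Chmod(path, perm&maxPerm); err != nil {
				return changed, err
			}
			changed = append(changed, path)
		}
	}
	return changed, nil
}

func main() {
	// Assumed patterns for the profile and dump files; run from the server dir.
	changed, err := tighten("data/players/*.wrj",
		"blockprof*", "cpuprof*", "heapdump*", "memprof*")
	if err != nil {
		fmt.Fprintln(os.Stderr, "tighten:", err)
		os.Exit(1)
	}
	fmt.Println("tightened:", changed)
}
```

On Windows os.Chmod only toggles the read-only attribute, so file permissions
there still need to be reviewed by hand.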

I apologise for mistakes made with WolfMUD, which were 100% my own.

If anyone wants more information or has any advice on improving WolfMUD
security, please contact me: diddymus@wolfmud.org

--
Diddymus

______________________________________________________________________________

SUBJECT: WolfMUD v0.0.6 released
   DATE: Mon  1 May 23:13:57 BST 2017

The next release of WolfMUD, v0.0.6, is now available for download[1].

This release contains an important security update and a few bug fixes, along
with some new features including custom item clean up and reset/respawn
messages.

Main highlights from the release notes:

Security

  - Tighten permissions on new player files and files produced by the #DEBUG
    command. It is advisable to run chmod 0660 data/players/*.wrj on Linux. On
    Windows please review the file permissions for existing files.
    Commit: da2ed6b and eefef4b.

  - Reduce the amount of time plain text passwords are held in memory. Some
    player passwords may have been compromised due to use of the #DUMP command
    and access to the heapdump file. Some player passwords may have been
    compromised if local users can access the server's memory.
    Commit: b29e762.

Added

  - New OnCleanup attribute for custom clean up messages, see
    docs/zone-files.txt for more details.
  - New OnReset attribute for reset/respawn messages, see
    docs/zone-files.txt for more details.
  - New OnAction and Action attributes, see docs/zone-files.txt for more
    details.
  - Inventories have a new Players method for checking if there are any players
    in an inventory.
  - New #DEBUG command to aid developing and debugging.

Changed

  - Output of READ command made more generic. Instead of the template being
    "You read the writing on <item>. It says: <writing>" it is now "You read
    <item>.  <writing>".  Wording of WRITING attributes in zone files may need
    updating.
  - If a reset or respawn occurs within a container and an OnReset message is
    provided the message will propagate to the location the container is in.
  - Zone files updated with OnCleanup and OnReset messages.
  - Prevention of players being junked now via automatic veto.
  - Statistics in log now display a Thing count.
  - Lease acquired and released messages no longer reported in log.
  - Improved debugging flags in config.wrj, see docs/configuration-file.txt for
    more details.
  - Event goroutines now recover from a panic unless Debug.Panic is true. See
    docs/configuration-file.txt for more details.

Fixed

  - The LOOK command now automatically uppercases the first letter in titles.
  - The TAKE command now automatically uppercases the first letter of a
    container's name.
  - Improved layout of event.Cancel in #DUMP output.
  - The #DUMP command no longer crashes the server with invalid addresses.

--
Diddymus

  [1] Download area: ../../../downloads/

