Tuesday, April 9, 2013

OpenSSL PrivSep trickery

During this year's hackweek, I implemented an
OpenSSL PrivSep. It's far from complete, but it features most
of the SSL functions you need to run an SSL server
or client. It also features a seccomp sandbox,
so all the dirty SSL handshake and protocol parsing is done
in a confined process.

I used my research webserver project, lophttpd, to
demonstrate how it works.
Basically you just include two header files,
provide a callback named privsep_init() and tell
the PrivSep'ed process, which is started at the
time you call any of the OpenSSL init functions,
when to actually drop the privileges with
SSL_privsep_ctrl(PRIVSEP_DROP_PRIV). And that's it.

You can copy the *.c and *.h files from the sslps
git repo to the lophttpd dir and run make -f Makefile.sslps.
Do not mind the warnings about the redefinitions
of certain OpenSSL macros; they need to be replaced
in order to proxy all the SSL_ functions to the
confined process.

Fear my drawing skills and have a look at the whole picture
so it's easier to understand :)
