Is it secure to use constants? I come from Python and it isn't recommended there.
on 17.08.2008 20:06
on 17.08.2008 20:41
Kless wrote: > Is secure use constants? > > I come from Python and it isn't recommended there. Use constants to avoid repeating a literal with the same meaning, such as '42', in various locations in your code. What do you mean by "secure"? Neither Ruby nor Python are secure from reverse engineering, because all the source is hanging out visible for all to see!
on 17.08.2008 21:05
> > What do you mean by "secure"? Neither Ruby nor Python are secure from reverse > engineering, because all the source is hanging out visible for all to see! > > -- > Phlip private static final int 42; Or something like this...
on 17.08.2008 21:13
On Aug 17, 8:36 pm, Phlip <phlip2...@gmail.com> wrote: > > -- > Phlip How do you come up with this question? CONSTANTS are perhaps more secure in comparison to loops. :-) Be aware of the iterations.
on 17.08.2008 21:15
loolek wrote: > private static final int 42; > > Or something like this... What is secure about that? Nobody can ever change it? Even in C, a language designed to compile directly to machine language with no questions asked, you can still force a constant to change. You get "undefined behavior", but you can still do it. Don't worry about your constants changing. Just write clean code, and pay attention to your warnings & test results, and you will be okay.
on 18.08.2008 01:35
"Nobody can ever change it?" Yes, yes -> I mean, under the Java VM security control -> nobody can change it. That's cool for me -> but it means nothing for a serious hacker... peter
on 18.08.2008 01:40
"Don't worry about your constants changing." My job is -> to be fully secure!!! So, I am worrying about this -> "small Ruby leak"... Do you need a case study -> for this "bad" situation, because of weak constant guarding (for example in C)? "Just write clean code, and pay attention to your warnings & test results, and you will be okay." Thanks buddy... you help a lot :P peter
on 18.08.2008 02:39
loolek wrote: > "Don't worry about your constants changing." > > My job is -> be full secure !!! > > So, i am worring about this -> "small ruby leak".... > > Do you need a case study -> for this "bad" situation, becouse a week > constant guarding (for example in C)? I admit it, I'm largely ignorant of security issues. What kind of bad thing can you do with Ruby constants?
on 18.08.2008 03:26
loolek wrote: > "Don't worry about your constants changing." > My job is -> be full secure !!! Static type checking (constant, private, etc.) only provides negative reinforcement that code might work as designed. Unit tests provide positive reinforcement that your features behave as expected. Code with wall-to-wall unit tests is better than any code with all kinds of constants, privates, and typechecks.
on 18.08.2008 03:35
> I admit it, I'm largely ignorant of security issues. What kind of > bad thing can you do with Ruby constants? It depends on the coder in question: - matz once single-handedly trapped Chuck Norris within a constant void. - Lesser Ruby coders may utterly fail in doing so, ending up as bloody BBQ. Also, there exist believable rumours that one can do time travel with constants, if used in the right way (full moon, 12 fresh sheep, some old gold coins and a pirate curse...) But again beware, only those strong in will may succeed...
on 18.08.2008 05:10
"What kind of bad thing can you do with Ruby constants?" I think this is not a question of Ruby. Imagine this -> there is a constant that holds the value that triggers the cooler sticks in a nuclear power plant. Then the bad guy "overwrites" it, what comes next? A BIG CRASH BANG "I'm largely ignorant" Are you sure you would be ignorant if you were living in the next city from the plant? peter
on 18.08.2008 05:16
"Static" The JVM does this dynamically, how do you mean "static"? "only provide negative reinforcement ... wall-to-wall unit tests is better" Could you explain this in more detail? I don't get what you are thinking about. peter
on 18.08.2008 05:19
On Mon, 2008-08-18 at 12:06 +0900, loolek wrote: > I think this is not the question of ruby. Imagine this -> there is a > constant that holds the value that triggers the cooler sticks in a > nuclear power plant. Than the bad guy "overwrites" it, what comes > next ? To be blunt, this is a nonissue. If the "bad guy" is in a position to redefine a Ruby constant, he is capable of doing much worse things with less trouble. -mental
on 18.08.2008 05:20
"Unit tests provide positive reinforcement that your features behave as expected." Yeah, if you know how to write bulletproof unit tests... peter
on 18.08.2008 05:25
loolek wrote: > "What kind of bad thing can you do with Ruby constants? " > > I think this is not the question of ruby. Imagine this -> there is a > constant that holds the value that triggers the cooler sticks in a > nuclear power plant. Than the bad guy "overwrites" it, what comes > next ? Okay, you and I are bidding for that contract. (In an imaginary, old-fashioned world where government contract bids are competitive!;) I tell them I will use a constant there. You tell them you will write unit tests for all your code. Who should get the contract? And note that, in Ruby, changing the immediate value of a constant ("immediate" meaning it is a small integer only), causes a warning.
on 18.08.2008 05:35
"You tell them you will write unit tests for all your code." Wrong, I will never work for the government -> the job is yours without a BID... Double wrong, I never write unit tests, because as I said -> unit tests NEVER discover all of the security holes (remember FULL security). "meaning it is a small integer only" Yeah, this small door will be enough for that clever/fast bad guy -> BANG AGAIN "causes a warning" This is interesting, do you have a rubydoc link to this topic? peter
on 18.08.2008 05:40
> "Unit tests provide positive reinforcement that your features behave > as expected." > > Yehh, if you know how to write bulletproof unit tests...... You know the difference between negative and positive reinforcement, right?
on 18.08.2008 05:50
"right?" Nope, PLZ explain it. peter
on 18.08.2008 05:55
""causes a warning"" "This is interesting, do you have a rubydoc link to this topic ? " And don't forget this Q. peter
on 18.08.2008 06:15
On Sunday 17 August 2008 22:06:51 loolek wrote: > "What kind of bad thing can you do with Ruby constants? " > > I think this is not the question of ruby. Imagine this -> there is a > constant that holds the value that triggers the cooler sticks in a > nuclear power plant. Than the bad guy "overwrites" it, what comes > next ? Ok, first, how does the "bad guy", whoever they are, get the ability to "overwrite" it? They shouldn't even be on the same _network_, let alone in my memory space. And, for that matter, if they were in my memory space, they can do a hell of a lot worse than "overwriting a constant". Here, I think XKCD explains this better than I could: http://xkcd.com/463/ > Are you sure, you will be ignorant if you were living in the next > city from the plant ? Sorry, but the magnitude of possible failure doesn't prove your point. No one is saying that it's OK to be less secure. What we are saying is that you are wrong about how to go about being secure. In other words, we are saying that your attitude towards security is more likely to blow up that hypothetical plant than, say, proper unit testing.
on 18.08.2008 09:15
On Aug 17, 7:00 pm, Kless <jonas....@googlemail.com> wrote: > Is secure use constants? > > I come from Python and it isn't recommended there. Oops! I was wrong! I meant global variables instead of constants. Sorry!
on 18.08.2008 11:30
"Ok, first, how does the "bad guy", whoever they are, get the ability to "overwrite" it? They shouldn't even be on the same _network_, let alone in my memory space. And, for that matter, if they were in my memory space, they can do a hell of a lot worse than "overwriting a constant"." This topic has turned into interesting "Ruby hacker" lessons. But first let me answer your Qs -> "Ok, first ... whoever they are" a. Maybe a terrorist or whatever, it doesn't really matter. But they are only one guy. "get the ability to "overwrite" it?" Second, play this -> I am the bad guy... a. I won the Ruby programmer job at the plant -> I'm in! b. I hacked the box of the security guy of the plant (home machine). Why? Because he/she has a connection to the inner plant network (SSH). So I am in again! (idea from Kevin) c. I gave a really cool video game CD to my "new friend Joe", who is working at the plant. Why? Because he will install it on the inner box, just for fun. The game will install me along with the cool game. So I am in again! d. Maybe in the plant, there is some "hard but alive" way -> between the local and public LAN. e. Should I continue? "let alone in my memory space." Hmm, how do you mean this? The Ruby code will guard the memory/hardware/io/etc.? I really don't get you. But anyway -> first I hacked the unpatched Linux kernel... Should I continue the "how"? a. I thought only the CPU's protected mode can do this kind of job. Or am I wrong? "WE are saying is that you are wrong about how to go about being secure." I think "hypothetically" -> I am right. In other words, you STILL don't see the DANGER that the weak coding language is causing? "hell of a lot worse than "overwriting a constant"" Oh yes, I see now -> you still don't smell the danger, because you are asking this silly Q. But okay, what worse could happen? a. You are dead. b. Your home city is dead too. c. Your mom is dead too. d. The water in your area is poisoned for a long time. e. etc. peter
on 18.08.2008 15:09
On Mon, Aug 18, 2008 at 4:26 AM, loolek <balla.peter@gmail.com> wrote: (A bunch of stuff about trying to be l33t.) There are many ways, peter, to secure Ruby. Maybe you should ask _why. That pun is intended. _why made an open Ruby programming irb interface on the internet. You can _almost_ do anything you want on that site (http://tryruby.hobix.com). Constant security, blah. Todd
on 18.08.2008 15:12
On Aug 17, 2008, at 10:51 PM, loolek wrote: > ""causes a warning"" > > "This is interesting, do you have a rubydoc link to this topic ? " > > And don't forget this Q. $ ruby -e 'C = "once"; C = "oops"' -e:1: warning: already initialized constant C James Edward Gray II
on 18.08.2008 15:13
Why does loolek feel so much like Ilias? Hmm… James Edward Gray II
on 18.08.2008 20:10
"http://tryruby.hobix.com" This site is a bad Ruby "demo", or I don't know. I followed the instructions -> type help <- the result is an error type 2 + 6 <- the result is a Bad Gateway error >> 2 + 6 <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/0.6.31</center> </body> </html> >> Where was I wrong? peter
on 18.08.2008 20:17
"$ ruby -e 'C = "once"; C = "oops"' -e:1: warning: already initialized constant C " Okay, but I haven't decided yet whether to use Ruby or not. So I have not installed Ruby so far... So I ask again, PLZ send me a RubyDoc link about this topic! The Google search doesn't find this phrase -> Google says: "Your search - site:rubydoc.org "already initialized constant" - did not match any documents." peter
on 18.08.2008 20:25
> Why does loolek feel so much like Ilias? Hmm… > > James Edward Gray II Could you teach me? -> What does Ilias mean in this situation? I know Ilias is a good book. But urbandictionary.com says: 1. Ilias A person prone to sexual intercourse with an animal; most commonly a canine. 1. I hope that's his tail you're scratching. I wouldn't have picked you as an Ilias. 2. Scruffy looks sad. I thought he knew not to play stick with Ilias. 3. I don't trust that Ilias guy. At least Rocky's not constipated anymore. How should I take this phrase? And just another Q -> what does this mean to me -> l33t? Sorry, but I am just an uneducated Hungarian guy. peter
on 18.08.2008 20:26
> Why does loolek feel so much like Ilias? Hmm… > > James Edward Gray II Hmm... UrbanDictionary.com says: 1. ilias A person prone to sexual intercourse with an animal; most commonly a canine. 1. I hope that's his tail you're scratching. I wouldn't have picked you as an Ilias. 2. Scruffy looks sad. I thought he knew not to play stick with Ilias. 3. I don't trust that Ilias guy. At least Rocky's not constipated anymore. How do you mean this? peter
on 18.08.2008 20:40
2008/8/18 loolek <balla.peter@gmail.com>: > "$ ruby -e 'C = "once"; C = "oops"' > -e:1: warning: already initialized constant C " > > Okay, but i don't decide yet to use ruby or not. So i have not > installed Ruby so far... Peter, in Ruby others can change almost everything that you have written, and they can change it at runtime, without having access to your code: constants, classes, methods, instance variables, and so on. So I think Ruby isn't the right language for you. Regards, Pit
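Pit's point (everything can be changed at runtime) and James's one-liner (the "already initialized constant" warning) are the whole story, so here is an added example, not from the thread or any poster, that runs the relevant cases in plain Ruby with no gems. The module and the COOLING_TOLERANCE / LABEL names are hypothetical, borrowed from the nuclear-plant scenario earlier in the thread; nothing else is assumed. Note that the warning fires for any reassignment, string or integer alike, and that the only thing that actually stops `const_set` / `remove_const` inside the process is freezing the module itself, which still means nothing to someone who can already run code there.

```ruby
# Added example, not from the thread: how "constant" a Ruby constant is.
# Plain Ruby (>= 2.5 for FrozenError), no gems. The Reactor-style module
# and COOLING_TOLERANCE / LABEL names are hypothetical.
require "stringio"

# Run a block with warnings forced on and collect whatever Ruby writes
# to $stderr (the "already initialized constant" warning goes there).
def capture_warnings
  old_err, old_verbose = $stderr, $VERBOSE
  $stderr, $VERBOSE = StringIO.new, false   # false = warnings on, nil = off
  yield
  $stderr.string
ensure
  $stderr, $VERBOSE = old_err, old_verbose
end

# Fresh anonymous module on each call so every step below can be rerun.
def build_reactor
  mod = Module.new
  mod.const_set(:COOLING_TOLERANCE, 12345)
  mod.const_set(:LABEL, "cooling".freeze)   # frozen object, not frozen name
  mod
end

# 1. Reassigning a constant succeeds; Ruby only warns.
def reassign(mod)
  warning = capture_warnings { mod.const_set(:COOLING_TOLERANCE, 0) }
  [mod::COOLING_TOLERANCE, warning]
end

# 2. remove_const + const_set redefines it with no warning at all.
def redefine_silently(mod)
  warning = capture_warnings do
    mod.send(:remove_const, :COOLING_TOLERANCE)   # private, hence send
    mod.const_set(:COOLING_TOLERANCE, -1)
  end
  [mod::COOLING_TOLERANCE, warning]
end

# 3. A frozen *value* cannot be edited in place, but the name can still be
#    pointed at a new object (step 1): freeze protects the object only.
def mutate_frozen_value(mod)
  mod::LABEL << "!"
  :mutated
rescue FrozenError => e
  e.class
end

# 4. Freezing the *module* is what makes const_set raise. This is the only
#    in-process guard Ruby has, and an attacker who can run code in the
#    process can simply build and use another module instead.
def reassign_after_freeze(mod)
  mod.freeze
  mod.const_set(:COOLING_TOLERANCE, 0)
  :changed
rescue FrozenError => e
  [e.class, mod::COOLING_TOLERANCE]
end

# Runs the four steps in order on a fresh module and returns the results.
def demo
  mod = build_reactor
  {
    reassign:      reassign(mod),              # [0, "...already initialized constant..."]
    redefine:      redefine_silently(mod),     # [-1, ""]
    mutate_frozen: mutate_frozen_value(mod),   # FrozenError
    after_freeze:  reassign_after_freeze(mod), # [FrozenError, -1]
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Run it with `ruby constants_demo.rb` (any file name). The takeaway matches Pit's post: the warning is a hint for the developer, `freeze` on a value stops in-place edits, `freeze` on the module stops rebinding, and none of it is a security boundary against code already executing in the interpreter.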
on 18.08.2008 20:50
On Tue, Aug 19, 2008 at 3:37 AM, Pit Capitain <pit.capitain@gmail.com> wrote: > So I think Ruby isn't the right language for you. > Neither is any language that resides in memory or has any connection to the physical world. http://imgs.xkcd.com/comics/real_programmers.png from http://xkcd.com/378
on 18.08.2008 20:55
On Aug 18, 8:37 pm, Pit Capitain <pit.capit...@gmail.com> wrote: > your code: constants, classes, methods, instance variables, and so on. > So I think Ruby isn't the right language for you. > > Regards, > Pit "Peter, in Ruby others can change almost everything that you have written," Cool, could you give me a good link for self Ruby education? "So I think Ruby isn't the right language for you." A big no -> I mean: I can decide what is good for me, not you!!! peter
on 19.08.2008 08:34
2008/8/18 loolek <balla.peter@gmail.com>: > Cool, could you give me a good link for self Ruby education ? Peter, I'm sure you'll be able to find the official Ruby homepage and navigate from there to the introductory documentation. Specific questions like the not-so-constant constants in Ruby as in this thread are normally answered here on ruby-talk. >> "So I think Ruby isn't the right language for you." > > A big no -> i mean: i could decide what good for me and not you !!! That's exactly why I wrote "I think", not "I decide for you". From your questions I got the impression that you are looking for a language which allows you to create tightly sealed programs. On the other hand, Ruby is one of the most open and flexible languages I know. Maybe you can tell us more about what you are really looking for, what kind of programs you want to create, etc. Many of us here on ruby-talk know a lot of other programming languages and could tell you what we think would be the right language for your purposes. Again: of course it is you who finally has to make the decision. Regards, Pit
on 19.08.2008 09:30
Come on, Capitain or Phlip or whoever -> give me a CORRECT link PLZ! Or do I have to think this -> the Ruby lang is not documented well? I wrote -> "the Google search machine didn't find that error msg @ ruby-doc.org" -> so what's up guys? peter
on 19.08.2008 10:29
From: loolek [mailto:balla.peter@gmail.com] # I wrote -> "the google search machine didn't find that error msg @ # ruby-doc.org" -> so what's up guys ? i hope i can help =) http://www.ruby-doc.org/docs/ProgrammingRuby/html/language.html http://www.ruby-doc.org/docs/UsersGuide/rg/constants.html also, you may want to read about the $SAFE variable http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html do not worry about documentation (it is only for anglois (guy decoux) :). read the ruby source. it's very readable and unambiguous. then once you've mastered the source, do not forget to contribute to the ruby docs. ruby docs may need improvement, but they are improving.. (ruby is a community effort; if you like it, good; if you want to contribute, good; if you do not like it, good too. your choice as always :) kind regards -botp
on 19.08.2008 10:35
2008/8/19 loolek <balla.peter@gmail.com>: > Come on, Captian or Phlip or who ever -> give me a CORRECT link PLZ ! > I wrote -> "the google search machine didn't find that error msg @ > ruby-doc.org" -> so what's up guys ? You have to look better. Google gives me at least the following two links from ruby-doc to that error message: http://www.ruby-doc.org/docs/UsersGuide/rg/constants.html http://www.ruby-doc.org/docs/ProgrammingRuby/html/language.html And as a bonus here's a direct link to the very part of the second page with the error message: http://www.ruby-doc.org/docs/ProgrammingRuby/html/language.html#S4 Not too hard to find, is it? Regards, Pit
on 20.08.2008 05:44
On Monday 18 August 2008 13:06:43 loolek wrote: > "http://tryruby.hobix.com" > > This site is a bad ruby "demo", or i dont know. Point is, it is a site which, when it works properly -- and it's worked perfectly for me in Firefox so far -- allows any random user who wanders in off the Internet to run arbitrary Ruby code on the server. So it's an example of how to create a very secure ruby sandbox. And here's the sandbox-specific stuff: http://code.whytheluckystiff.net/sandbox/
on 20.08.2008 06:10
On Monday 18 August 2008 04:26:43 loolek wrote: > a. May be ter*rist or whatever, don' really matter. But they are only > one guy. "Them", then. I was referring to one guy. > "get the ability to "overwrite" it?" > > Secound, play that -> i am the bad guy... > > a. I was won the ruby programmer job at the plant -> I'm in! You won the Ruby programmer job at the plant. Congratulations, you can now edit the Ruby source code where that constant was defined! It really doesn't matter at this point. > b. I hacked the box of the security guy of the plant (home machine). > Why? Becouse he/she is got connection to the inner plant network > (SSH). So i am in again! (idea from Kevin) Again, you've SSH'd in to the machine... Now, what, exactly, is stopping you from simply killing that process, editing the source (maybe copying it to a temporary location), and running it again? > e. Should i continue? The rest of your examples only highlight the problem: Once you're in, you're in. In what possible scenario could he insert Ruby code into a running process, without being able to also change the constant anyway? And in what possible language could he not do this? It's harder to change a constant in a running C program, but one buffer overflow and you can do it. > "let alone in my memory space." > > Hmm, how do you mean this? The ruby code will guard the memory/ > hardware/io/etc. I really don't get you? Well, I'm assuming that if he can modify a Ruby program that is executing, he is doing so by editing its memory -- which means he has access to the memory space of the program. Which means that no matter what language the program is written in, he can now change any part of it, full stop. I suppose it's possible that you're stupid enough to use eval in places you shouldn't. That's the only other way I can think of. > But anyway -> i was first hacked the unpatched Linux kernel... Should > i continue the "how"? Great -- so you can now modify ANY memory, ANYWHERE on the system. 
Again: NO language will protect ANY so-called "constant" from being modified here -- except maybe Verilog. Do you know why Verilog can? Because it compiles to hardware -- meaning the only possible way to change the constant would be with a soldering iron. Do you know why it's "maybe"? Because if any part of the program is software, and needs that constant, you can always change the one line that reads the constant from hardware to read a different value instead. > "WE are saying is that you are wrong about how to go about being > secure." > > I think "hypotheticaly" -> i am right. In other words, you STILL don't > see the DANGER that the weak coding language is causing? That's not an argument. This has officially descended into "No it's not! Yes it is!" I don't think it's a "weak coding language". You do. Unless you're willing to say _why_ you think it's weak, we aren't going to get beyond name-calling. And I'm not going to respond to any more trolling from you. > "hell of a lot worse than "overwriting a constant"" > > Oh yes, i see now -> you don't smell the dager still, becouse you > asking this silly Q. But okay, what worse could happen? No, you're missing the point: If he can get into a situation where it's possible for him to modify a Ruby constant, that kind of implies that he can do ANYTHING to the Ruby program, through any of the methods you mentioned above. Which means that if he wants to make it go boom, he can still do all of the following: > a. You are dead. > b. Your home city is dead too. > c. You mom is dead too. > d. The water in your area is posioned for a long time. > e. etc. What was the point of listing them? Again, these are not caused by Ruby. These are caused by the fundamental nature of how modern operating systems work. If anyone can get their code ANYWHERE NEAR your hypothetical nuclear reactor, they damned well better be trusted. If your nuclear reactor isn't hypothetical, quit now. 
One example: Suppose you've somehow gotten this figured out, and you have your constants.rb file, which almost no one has access to. In there, you have: COOLING_TOLERANCE = 12345 Your attacker realizes that they can't change that file, and they can't change the constant in the program. Fine, so he goes and edits cooling_rods.rb, where the constant is actually used. He replaces this line: lower_rods if temp >= COOLING_TOLERANCE With this one: raise_rods Ok, so you make cooling_rods.rb readonly. Fine, so he goes anywhere else in the program, and edits a file he's allowed to edit, and adds the following: loop { raise_rods } Again, you could sandbox it properly. You could make sure that his code never gets to touch the raise_rods function. But you're always going to miss something -- maybe he's just a designer, writing the UI. So he goes in and swaps these two buttons: START REACTION EMERGENCY SHUTDOWN So now, when someone needs to perform an emergency shutdown, they push START REACTION instead, and the reactor goes boom. The right solution is to simply not let him touch the program that controls the cooling rods. Let him read log output from that program to build his pretty graphs.
on 20.08.2008 06:25
David Masover wrote: >> a. You are dead. >> b. Your home city is dead too. >> c. You mom is dead too. >> d. The water in your area is posioned for a long time. >> e. etc. > > What was the point of listing them? To pad the post out without the need to learn or pull in any actual programming details. > And I'm not going to respond to any more trolling from you. You appear to be the last one! (-:
on 20.08.2008 06:35
On Tuesday 19 August 2008 23:21:31 Phlip wrote: > David Masover wrote: > > And I'm not going to respond to any more trolling from you. > > You appear to be the last one! (-: Today, at a cafe, I asked "Can I order..." And she deadpanned "No." AND I BOUGHT IT!! I'm so easily trolled :(