If I load the RFB package from Lukas's site[1] (Pharo 1.4, recent enough
VM, linux) and set the RFB server's fullPassword like this:

MyObject>>startRFB
    RFBServer current setFullPassword: self rfbPassword

MyObject>>rfbPassword
    ^'1234'

After that send the source of rfbPassword shows '1234' but the bytecodes
show that it is '' and the apparently empty string is 8 bytes long with
each character being (Character value: 0).

#setFullPassword: uses #atAllPut: to set the value of #rfbPassword to
(Character value: 0).

My concerns are these:

1. Using the current implementation it's impossible to stop and restart
the RFB server with a default password programmatically.

2. The implementation is not idempotent when starting/stopping.

3. I don't understand the security consequences of removing the part
where the password sent to #encryptPassword: is set to NULL characters.

Is wiping the values of the #rfbPassword method necessary for security
reasons? I assume that setting the RFB server to only accept
connections from localhost and using X forwarding would take care of
most of the risk of having a string literal in the image.

Or should I be accessing a default RFB password from another source
than a class side method in the image?

Is there a standard practice for starting and stopping the RFB server in
Pharo 1.4 where the RFB server is up and down during the time the image
is up?

Thanks for any advice

Paul

1 - The change was from this package: RFB-MiguelCoba.26.mcz from this
repo: http://source.lukas-renggli.ch/unsorted
On 03/12/2013 11:50 PM, Paul DeBruicker wrote:
> If I load the RFB package from Lukas's site[1] (Pharo 1.4, recent enough
> VM, linux) and set the RFB server's fullPassword like this:
>
> MyObject>>startRFB
>     RFBServer current setFullPassword: self rfbPassword
>
> MyObject>>rfbPassword
>     ^'1234'
>
> After that send the source of rfbPassword shows '1234' but the bytecodes
> show that it is '' and the apparently empty string is 8 bytes long with
> each character being (Character value: 0).
>
> #setFullPassword: uses #atAllPut: to set the value of #rfbPassword to
> (Character value: 0).
>
> My concerns are these:
>
> 1. Using the current implementation it's impossible to stop and restart
> the RFB server with a default password programmatically.
>
> 2. The implementation is not idempotent when starting/stopping.
>
> 3. I don't understand the security consequences of removing the part
> where the password sent to #encryptPassword: is set to NULL characters.
>
> Is wiping the values of the #rfbPassword method necessary for security
> reasons? I assume that setting the RFB server to only accept
> connections from localhost and using X forwarding would take care of
> most of the risk of having a string literal in the image.
>
> Or should I be accessing a default RFB password from another source
> than a class side method in the image?
>
> Is there a standard practice for starting and stopping the RFB server in
> Pharo 1.4 where the RFB server is up and down during the time the image
> is up?
>
> Thanks for any advice
>
> Paul
>
> 1 - The change was from this package: RFB-MiguelCoba.26.mcz from this
> repo: http://source.lukas-renggli.ch/unsorted

Oh, and if you want to see what I'm talking about, load the latest from
Lukas's site and run this:

| pwd correctHash |
RFBServer current inspect.
pwd := 'nintendo'.
correctHash := #[223 3 196 119 26 39 155 190].
3 timesRepeat: [
    RFBServer current
        initializePreferences;
        configureForMemoryConservation;
        allowEmptyPasswords: false;
        allowRemoteConnections: false;
        yourself.
    RFBServer current setFullPassword: pwd.
    RFBServer current start: 1.
    RFBServer stop].

Then in the inspector check the value of the vncPassword inst var. The
first value of the array should be #[223 3 196 119 26 39 155 190] if it
were idempotent, but is #[90 178 205 192 186 220 175 19], which is the
hash value for an 8 byte NULL character password.
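The mechanism behind the non-idempotent restart, shown as an added workspace script (this is not code from the RFB package, from Lukas's repository or from the thread, and the block names `rfbPassword`, `scrubCopy` and `scrubInPlace` are stand-ins introduced here): a compiled method answers the very same String object for its literal on every send, so a callee that scrubs the string it was handed with #atAllPut: scrubs the method literal itself. The script contrasts that with a copy-first variant that scrubs only a private copy, which keeps the in-memory password out of the image after hashing while leaving the caller's string, and therefore a later restart, intact. The hash derivation is elided since it is not part of the point.

```smalltalk
"Added example, not code from the RFB package or from the thread. The block
 rfbPassword plays the role of MyObject>>rfbPassword: like a compiled method,
 it answers the same String object (its literal) on every evaluation, so
 whatever a callee does to that string is done to the literal itself."
| rfbPassword scrubCopy scrubInPlace |
rfbPassword := ['nintendo'].

"Copy-first variant: hash, then scrub, a private copy of the password.
 The caller's string is left alone, so a later restart hashes the same
 password and start/stop stays idempotent."
scrubCopy := [:password | | work |
    work := password copy.
    "... derive the VNC hash from work here (elided in this example) ..."
    work atAllPut: (Character value: 0).
    work].
scrubCopy value: rfbPassword value.
rfbPassword value asByteArray.   "still the bytes of 'nintendo'"

"In-place variant, the behaviour the thread describes: #atAllPut: on the
 caller's own string. From now on every evaluation of rfbPassword answers
 the scrubbed literal: eight NUL characters, which print as '' but have
 size 8, and a restart hashes that NUL string instead of the password."
scrubInPlace := [:password |
    "... derive the VNC hash from password here (elided in this example) ..."
    password atAllPut: (Character value: 0).
    password].
scrubInPlace value: rfbPassword value.
rfbPassword value asByteArray.   "eight zero bytes"
rfbPassword value size.          "still 8, the literal was overwritten, not emptied"
```

Evaluate it in a workspace with print-it on the two `asByteArray` lines to see the before and after. The copy-first shape is the usual way to get both properties at once: the cleartext copy the server hashed is still zeroed, but the literal the caller owns is never mutated.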