This post was sent via the 一路BBS telnet client.
“If Green Dam is deployed in its current form, it will significantly weaken China's computer security. ”
If this Green Dam software really is deployed on a large scale, it will greatly weaken China's national security.
This is the plain truth: installing this software immediately opens the vulnerabilities described in the paper. If government departments all install it, it amounts to throwing the door open to foreign spies, and the consequences are unthinkable!
If someone with real influence sees this paper, please report the problem to the leadership and have genuine experts analyze whether this software is actually secure.
If it really must be deployed after July 1, please fix the security vulnerabilities before making it mandatory.
If you have Green Dam installed, click this link to test the current vulnerability:
http://wolchok.org:8000/
http://www.cse.umich.edu/~jhalderm/pub/gd/

Analysis of the Green Dam Censorware System
Scott Wolchok, Randy Yao, and J. Alex Halderman
Computer Science and Engineering Division
The University of Michigan
Revision 2.4 – June 11, 2009
Summary
We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. (Simply embarrassing!) Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Green Dam displays this message when it detects banned phrases.
Introduction
According to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam. This software is designed to monitor internet connections and text typed on the computer. It blocks undesirable or politically sensitive content and optionally reports it to authorities. Green Dam was developed by a company called Jin Hui and is available as a free download. We examined version 3.17.
How Green Dam Works
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications. The filtering blacklists include both political and adult content. Some of the blacklists appear to have been copied from American-made filtering software.
Image filter: Green Dam includes computer vision technology used to block online images containing nudity. The image filter reportedly works by flagging images containing large areas of human skin tone, while making an exception for close-ups of faces. We've found that the program contains code libraries and a configuration file from the open-source image recognition software OpenCV.
Text filter: Green Dam scans text entry fields in various applications for blocked words, including obscenities and politically sensitive phrases (for example, references to XX Gong). Blacklisted terms are contained in three files, encrypted with a simple key-less scrambling operation. We decrypted the contents of these files wordl.dat, xwordm.dat, and xwordh.dat. We also found what appears to be a word list for a more sophisticated sentence processing algorithm in the unencrypted file XXWord.lib. When Green Dam detects these words, the offending program is forcibly closed and an error image (shown above) is displayed.
URL filter: Green Dam filters website URLs using patterns contained in whitelist and blacklist files (*fil.dat, adwapp.dat, and TrustUrl.dat). These files are encrypted with the same key-less scrambling operation as the blacklists for the text filter. Five of the blacklists correspond to the categories in the content filtering section of Green Dam's options dialog (shown below).
We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter. In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site. We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006. Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter. We conjecture that this file was accidentally included because it has the same file extension as the filters.
Security Problems
After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer.
Web Filtering Vulnerability
Green Dam intercepts Internet traffic and processes it to see whether visited web sites are blacklisted. In order to perform this monitoring, it injects a library called SurfGd.dll into software that uses the socket API. When a user accesses a web site, this code checks the address against the blacklist and logs the URL.
We discovered programming errors in the code used to process web site requests. The code processes URLs with a fixed-length buffer, and a specially-crafted URL can overrun this buffer and corrupt the execution stack. (This is the most brain-dead way to program: still using fixed-length buffers, the easiest kind of buffer overflow to break.) Any web site the user visits can redirect the browser to a page with a malicious URL and take control of the computer.
We have constructed a demonstration URL that triggers this problem. If you have Green Dam installed, clicking the button on our demonstration attack page (http://wolchok.org:8000/) (clicking this link demonstrates how Green Dam can be attacked; here it only crashes your browser, but a real hacker could control your machine at will) will cause your browser (or tab) to crash.
This proof-of-concept shows that we are able to control the execution stack. An actual attacker could exploit this to execute malicious code.
Green Dam's design makes this problem exploitable from almost any web browser. At this time, the surest way for users to protect themselves is to uninstall Green Dam.
Blacklist Update Vulnerability (another vulnerability)
We found a second problem in the way Green Dam reads its filter files. This problem would allow Green Dam's makers, or a third party impersonating them, to execute arbitrary code and install malicious software on the user's computer after installing a filter update. Users can enable automatic filter updates from the Green Dam configuration program.
Green Dam reads its filter files using unsafe C string libraries. In places, it uses the fscanf function to read lines from filter files into a fixed-length buffer on the execution stack. This creates classic buffer-overflow vulnerabilities. For example, if a line in the file TrustUrl.dat exceeds a certain fixed length, the buffer will be overrun, corrupting the execution stack and potentially giving the attacker control of the process.
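The two bugs described above (the URL handling in SurfGd.dll and the fscanf reads of filter files such as TrustUrl.dat) share one root cause: an input of attacker-chosen length is copied into a fixed-size stack buffer with no bound. The following C program is an added example written for this post; it is not code from the Green Dam software or from the University of Michigan report. It shows the unbounded fscanf pattern only as a comment, and implements a bounded line reader that rejects over-long entries instead of overflowing. The buffer size, the function names and the sample filter contents are all constructed for illustration.

```c
/* Added example: bounded reading of a filter-list file, as a contrast to
 * fscanf("%s", buf) into a fixed stack buffer. Not Green Dam code; the
 * buffer size, names and sample contents are constructed for this post. */
#include <stdio.h>
#include <string.h>

#define FILTER_LINE_MAX 256   /* hypothetical capacity of the line buffer */

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* The unsafe pattern the report describes (deliberately NOT called here):
 *   char buf[FILTER_LINE_MAX];
 *   fscanf(f, "%s", buf);   // no length bound: a long line overruns buf
 * fgets() below always receives the buffer's capacity, so the copy stops
 * at cap-1 bytes no matter how long the line in the file is. */

/* Read one line into buf (capacity cap). Returns LINE_TOO_LONG, with the
 * rest of the line discarded, when the line does not fit, so the caller
 * can reject the entry rather than silently truncate it. */
enum line_status read_filter_line(FILE *f, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, f) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* strip the newline; line fit */
        return LINE_OK;
    }
    /* No newline in the buffer: either the final line of the file, a line
     * of exactly cap-1 characters, or an over-long line. Peek to decide. */
    int c = fgetc(f);
    if (c == EOF || c == '\n')
        return LINE_OK;
    /* Over-long line: drain it so the next call starts on a fresh line. */
    while (c != '\n' && c != EOF)
        c = fgetc(f);
    return LINE_TOO_LONG;
}

/* Load filter entries from text held in memory. The text is written to a
 * temporary file so the FILE*-based reader above is exercised exactly as it
 * would be on a file such as TrustUrl.dat. Returns the number of accepted
 * entries (or -1 on error) and stores the number of rejected over-long
 * lines in *rejected. */
int load_filter_entries(const char *content, int *rejected)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(content, f);
    rewind(f);

    char buf[FILTER_LINE_MAX];        /* fixed-size, but never overrun */
    int accepted = 0;
    *rejected = 0;
    enum line_status st;
    while ((st = read_filter_line(f, buf, sizeof buf)) != LINE_EOF) {
        if (st == LINE_TOO_LONG) { (*rejected)++; continue; }
        if (buf[0] == '\0') continue; /* skip blank lines */
        accepted++;
    }
    fclose(f);
    return accepted;
}

/* Constructed sample: two ordinary entries, one blank line, and one entry
 * of 400 characters, which exceeds FILTER_LINE_MAX. Returns 0 on success. */
int run_constructed_sample(int *accepted, int *rejected)
{
    char content[600];
    strcpy(content, "example.invalid\n\nupdate.example.invalid\n");
    size_t n = strlen(content);
    memset(content + n, 'A', 400);
    content[n + 400] = '\n';
    content[n + 401] = '\0';
    *accepted = load_filter_entries(content, rejected);
    return *accepted < 0 ? -1 : 0;
}

int main(void)
{
    int accepted = 0, rejected = 0;
    if (run_constructed_sample(&accepted, &rejected) != 0)
        return 1;
    printf("accepted=%d rejected=%d\n", accepted, rejected);
    return 0;
}
```

The same discipline applies to the URL path: whatever copies a request URL into a fixed buffer must be given that buffer's size and must treat "does not fit" as a rejection, not as something to ignore. Counting rejected lines also gives a cheap detection signal: a filter update that suddenly contains entries longer than any legitimate URL deserves a closer look before it is installed.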
The filter files can be replaced remotely by the software maker if the user has enabled filter updates. The updates could corrupt these vulnerable files to exploit the problems we found. This could allow Green Dam's makers to take control of any computer where the software is installed and automatic filter updates are enabled. Furthermore, updates are delivered via unencrypted HTTP, which could allow a third party to impersonate the update server (for example, by exploiting DNS vulnerabilities) and take control of users' computers using this attack.
Removing Green Dam
Green Dam allows users who know its administrator password to uninstall the software. We tested the uninstaller and found that it appears to effectively remove Green Dam from the computer. However, it fails to remove some log files, so evidence of users' activity remains hidden on the system.
In light of the serious vulnerabilities we outlined above, the surest way for users to protect themselves is to remove the software immediately using its uninstall function.
Conclusion
Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.
If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.
Additional Screenshot
Users can configure which categories of web sites are blocked by Green Dam.
Additional filters are used to block adult and politically-sensitive terms in text entry fields.
Acknowledgments
We wish to thank our colleagues at the University of Michigan who alerted us to Green Dam and assisted with translation.
Contacting the Authors
Please send questions or comments to Professor J. Alex Halderman.