Securing Everything
Securing Everything
We are now entering the part of this chapter where it starts to get really funky. Encryption and digital signatures are not new, but when it comes to your use of this technology, you might be new to it and not quite sure of how to go about using it. Don't panic! Chapter 10 , Secure Your E-Mail with GPG, discusses everything you need to know about GnuPG.
Using GnuPG to Handle Authorizations
One small problem with this version of the e-mail console is that anyone is able to send an e-mail to your system and execute commands from your user account. To prevent this, we'll modify the Perl script to include support for digital signature detection and verification. When an e-mail arrives for the e-mail console, it will check for a digital signature and then check it against your special e-mail console keyring to see if it's a valid signature. This means that only people you trust can send e-mail console commands to your system. You could keep on locking it down using other techniques. For this example, we'll keep it simple and just assume your friends are trustworthy and won't try to erase all your files from your home folder. In addition to authorization, our results should be kept private until the recipient gets the results. To do this, we'll use encryption.
Using GnuPG to Encrypt the Results
So long as the digital signature verifies, we can now get down to executing the commands contained in the e-mail and placing the results in an encrypted e-mail back to the sender. We'll use GnuPG to encrypt the execution results.
We'll do this by using the e-mail address in the From or Reply-to field as the public key identifier when encrypting the results. Sounds easy enough.
Putting It All Together
Both the digital signature verification and the encryption of the results will require significant changes to the email_console.pl script. Here is the new version of the script:
#!/usr/bin/perl use IPC::Open3; use Symbol; #------------------------ # set up vars for open3 #------------------------ $WTR = gensym(); $RDR = gensym(); #--------------------------- # some handy variable defs #--------------------------- $logfile = "/home/stmurphy/.email_console.log"; $line_sep = 0; $separator = "\n" . "~" x 72 . "\n"; $theOutput = "\n\n"; $reply_subject = "Email Console Results"; $signature_line = "\n--\nOutput generated by the Email Console\n"; $no_commands_mesg = "No commands found to execute."; $from = ""; $reply_to = ""; #--------------- # open log file #--------------- open LOG,">>$logfile"; #----------------------------- # read in the entire file #----------------------------- @email = <>; #---------------------------- # search for a sender to # put as out recipient for # the reply back #---------------------------- foreach $_ (@email) { #------------------------ # get the sender address #------------------------ if ($_ =~ m/^From: (.*)/) { $from = ; } #--------------------------------- # get the sender address override #--------------------------------- if ($_ =~ m/^Reply-To: (.*)/) { $reply_to = ; } } $who = ($reply_to ne "") ? "F:$from R:$reply_to" : $from; #-------------------------------------- # check message for a valid signature #-------------------------------------- open GPG, "/usr/bin/gpg batch verify keyring ec-keyring no-default-keyring foreach $_ (@email) { print GPG $_; } close GPG; $val = $? / 256; #------------------------- # valid signature found #------------------------- if ($val == 0) { #-------------------------- # our parse/execution loop #-------------------------- foreach $_ (@email) { #--------------------------- # look for <exec>...</exec> # and process the command #--------------------------- if ($_ =~ m/^<exec>(.*)<\/exec>/) { undef $cmd_output; if ($line_sep) { $theOutput .= $separator; } else { $line_sep = 1; } print LOG scalar localtime() . " $who executed []\n"; $theOutput .= "Executing []\n\n"; #----------------------- # execute the command(s) #----------------------- open3($WTR, $RDR, "",); close($WTR); while (<$RDR>) { $cmd_output .= $_; } $theOutput .= $cmd_output; } } } #------------------------- # invalid signature found #------------------------- elsif ($val == 1) { $theOutput .= "Invalid digital signature!"; print LOG scalar localtime() . " $who - Invalid digital signature\n"; } #------------------------- # some other problem # or not a signed message #------------------------- elsif ($val >= 2) { $theOutput .= "Not a valid Email Console email.\nA digital signature is required!"; print LOG scalar localtime() . " $who - No digital signature found\n"; } #----------------------------- # report if there were # no command executed at all #----------------------------- if (!$val && !$line_sep) { $theOutput .= $no_commands_mesg; print LOG scalar localtime() . " $who - No commands in email\n"; } #--------------------------- # tack on a handy dandy # signature line #--------------------------- $theOutput .= $signature_line; #----------------------------- # override the from address # with the reply-to address #----------------------------- if ($reply_to ne "") { $from = $reply_to; } #---------------------- # close the log file #---------------------- close LOG; #---------------------- # encrypt the results #---------------------- open3($WTR, $RDR, "", "gpg --armor --output - --recipient \"$from\ " -quiet --batch print $WTR $theOutput; close $WTR; undef $theOutput; while(<$RDR>) { $theOutput .= $_; } close $RDR; #----------------------- # send the reply email # with the execution # results #----------------------- exec "echo \"$theOutput\" mailx -s \"$reply_subject\" \"$from\""; exit; To simplify my testing of the two versions of the e-mail console, I decided to name the second version email_console_gpg.pl. You should have noticed a few significant changes, such as the logging of requests . I placed the e-mail console log file in a hidden file, .email_console.log, in my home folder. The biggest change is the addition of the GPG code for digital signature verification and execution results encryption.
Finally, I modified the .procmail file to include an additional recipe that sends e-mail with the subject line <gpg-console/> to the new email_console_gpg.pl script. Under normal circumstances, you would not include both recipes and scripts, just the secured versions. If you leave both in there, your system will be left open to attacks. It's only included here so you can see the differences. Here's the new .procmailrc file with the new recipe included:
#------------------------ # my .procmailrc file #------------------------- SHELL=/bin/bash MAILDIR=${HOME}/Mail LOGFILE=${MAILDIR}/procmail.log LOG--- Logging ${LOGFILE} for ${LOGNAME}, " #------------------------------------ # Recipes #------------------------------------ :0 * ^Subject: <console/> /usr/bin/perl ~/bin/email_console.pl :0 * ^Subject: <gpg-console/> /usr/bin/perl ~/bin/email_console_gpg.pl #--------------------------------------------- # catchall recipe #--------------------------------------------- :0: ${DEFAULT} This wraps up securing the e-mail console. However, this isn't everything you could do to secure the e-mail console utility. There are plenty of improvements waiting to be explored. And just in case you were wondering if this thing even works, here are some screenshots of the e-mail console in action. The screenshot in Figure 7-6 is of an e-mail being generated for the secured e-mail console. Figure 7-7 shows the e-mail as it is received by my system (I diverted it from Procmail for the screenshot). Finally, Figure 7-8 shows the result of the executions. Notice that KMail automatically decrypts the result. I like this feature!
Figure 7-6. Generating an e-mail.
Figure 7-7. Received e-mail.
Figure 7-8. Execution results.
EAN: 2147483647
Pages: 257