237: Filesystem: How To Avoid Security Vulnerabilities. Part 3.

Avoid being predictable. This advice applies to almost everything you do as a programmer. This episode will focus on the filesystem and how being predictable can make it much easier for an attacker to gain control. We use files to store information and configuration. And we also use files to communicate. Especially between companies or departments within a company. Maybe you’re writing an application that needs to wait on some information that will be sent to you when it’s ready. It’s a lot of information so you agree with the other team that they can just write it all to a file and send it to you when it’s ready. Your application just needs to wait for the file to appear, open it, and start reading. The only question is where should the file be placed and what should it be named. This is where the problem of predictability comes in. Listen to the full episode for examples of how you can solve the predictability problem. You’ll learn why simple solutions are not enough and how you can use an HMAC or hashed message authentication code to help. You can also read the full transcript below. Transcript This advice applies to almost everything you do as a programmer. This episode will focus on the filesystem and how being predictable can make it much easier for an attacker to gain control. I remember once when living in Washington, the city was doing roadwork and they removed the center turn lane and replaced it with a median that cars could not cross. This was in a busy commercial street with lots of shops. I guess they were worried that the extra turning was causing too many accidents. It definitely inconvenienced me because I could no longer turn left directly into my favorite lunch place. I now had to drive further down the road and make a u-turn and come back. The interesting thing about this was the bank that was right next to where I went to eat. That bank was able to get the city to change their mind. And they had to open up a special turn lane just for the bank. Was it because the bank had enough money to pay for the changes? I’m sure it cost a lot to tear down the new median and put a turn lane back where cars used to be able to turn before the work began. The real reason why the bank was able to make the city reverse their decision did have to do with money. But not because the bank paid the city. It was because the bank was able to show that with the new turn restrictions in place, there was only a single route for an armored car to take in order to get to the bank. A single path that the armored cars would always be taking. Just think about that for a minute. If you were planning to set a trap for an armored car to steal the money inside, then wouldn’t you want to know which roads the armored car would be driving on? Normally, the exact path is kept secret and changes often. But when there’s only one path possible, then it’s no secret anymore. This story had a happy ending for me. I was able to use the new turn lane to turn into the bank, drive through their parking lot and then get back on the road for a quick hop into the restaurant. The bank might not have been too happy about me and all the other cars making use of their driveway to make a u-turn, but we weren’t allowed to make a direct u-turn so the bank was put to good use. The lesson here is that predictability leads to security vulnerabilities. So avoid them. How does this relate to filesystems? We use files to store information and configuration. And we also use files to communicate. Especially between companies or departments within a company. Maybe you’re writing an application that needs to wait on some information that will be sent to you when it’s ready. It’s a lot of information so you agree with the other team that they can just write it all to a file and send it to you when it’s ready. Your application just needs to wait for the file to appear, open it, and start readin