Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages
Scripting languages are continuously gaining popularity due to their ease of use and the flourishing software ecosystems that surround them. These languages offer crash and memory safety by design, thus, developers do not need to understand and prevent low-level security issues like the ones plaguin...
Gespeichert in:
Hauptverfasser: | , , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Scripting languages are continuously gaining popularity due to their ease of
use and the flourishing software ecosystems that surround them. These languages
offer crash and memory safety by design, thus, developers do not need to
understand and prevent low-level security issues like the ones plaguing the C
code. However, scripting languages often allow native extensions, which are a
way for custom C/C++ code to be invoked directly from the high-level language.
While this feature promises several benefits such as increased performance or
the reuse of legacy code, it can also break the language's guarantees, e.g.,
crash-safety. In this work, we first provide a comparative analysis of the
security risks of native extension APIs in three popular scripting languages.
Additionally, we discuss a novel methodology for studying the misuse of the
native extension API. We then perform an in-depth study of npm, an ecosystem
which is most exposed to threats introduced by native extensions. We show that
vulnerabilities in extensions can be exploited in their embedding library by
producing reads of uninitialized memory, hard crashes or memory leaks in 33 npm
packages, simply by invoking their API with well-crafted inputs. Moreover, we
identify six open-source web applications in which such exploits can be
deployed remotely by a weak adversary. Finally, we were assigned seven security
advisories for the work presented in this paper, most labeled as high severity. |
---|---|
DOI: | 10.48550/arxiv.2111.11169 |