Slide 1
Slide 1 text
OSSͷ੬ऑੑΛ୳ͨ͢Ίʹ
ͬͨ͜ͱ
ୈ19ճηΩϡϦςΟ͘͞Β
Teppei Fukuda
Slide 2
Slide 2 text
ൃද༰
• ͕ࣗOSSͷ੬ऑੑΛ୳ͨ͢Ίʹͬͨ͜ͱ
• ٳͷதʹٸʹDoSͷ੬ऑੑΛݟ͚ͭͨ
͘ͳͬͯɺே·Ͱ͔͚ͯ୳ͨ͠ͱ͖ͷ
• ͜Ε͔ΒͬͯΈ͍ͨਓ͚ͷ
Slide 3
Slide 3 text
ࣗݾհ
• ా మฏʢ@knqyf263ʣ
• ͖ͳͷ
• ωοτϫʔΫ
• ηΩϡϦςΟ
• ອը
• ߪಡࡶࢽ
• िץগδϟϯϓ
• िץগϚΨδϯ
• िץগαϯσʔ
• िץϠϯάδϟϯϓ
• δϟϯϓSQ
• ผগϚΨδϯ
• ଞɺ୯ߦຊଟ
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
OSSͷ੬ऑੑΛ୳ͯ͠Έͨ
Slide 6
Slide 6 text
ηΩϡϦςΟΤϯδχΞͷҿΈձ
͖ͳ੬ऑੑʁ
͖ͳϓϩτίϧʁ
͖ͳϨΠϠʔʁ
͖ͳೋԿళʁ
Slide 7
Slide 7 text
͖ͳ੬ऑੑʁ
Slide 8
Slide 8 text
͖ͳ੬ऑੑʹ͍ͭͯߟ͑Δ
• ৗʹ੬ऑੑใΛ͏
• IPA, JPCERT/CC, JVN, NVD
• RSSʢ֤छχϡʔεαΠτϒϩάʣ
• Twitter, Facebook, etc.
Slide 9
Slide 9 text
੬ऑੑ͕ଟ͗͢Δ
ํੑΛߜΔ
Slide 10
Slide 10 text
੬ऑੑͷϨΠϠʔ
• WebΞϓϦέʔγϣϯ
• CGI, PHP, Java, etc
• ϛυϧΣΞ
• OpenSSH
• Postfix, etc.
• OS ʢWindows, LinuxͳͲʣ
• Linux Kernel
Slide 11
Slide 11 text
੬ऑੑͷछྨ
• WebΞϓϦέʔγϣϯ
• XSS, SQLi, CSRF, etc.
• ϛυϧΣΞ
• ҙίʔυ࣮ߦ, ೝূճආ, etc.
• OS ʢWindows, LinuxͳͲʣ
• ݖݶঢ֨, DoS, etc.
Slide 12
Slide 12 text
$43'ʹڵຯ͕͋Δʂ
• CSRFͷख๏ʹ͍ͭͯௐΔ
• ʑͷ੬ऑੑใΛ͏
ςϯγϣϯ
্͕Βͳ͔ͬͨ
• ௐͨΒ͋Μ·Γͳ࣌͋Δ
• ผͷ੬ऑੑΛௐΔ
Slide 13
Slide 13 text
3$&ʹڵຯ͕͋Δʂ
• RCEͷख๏ʹ͍ͭͯௐΔ
• ʑͷ੬ऑੑใΛ͏
͖ͩʂ
• Ͳ͏͍͏ιϑτΣΞͰͷ
ɹRCE͕͖͔ߟ͑Δ
Slide 14
Slide 14 text
͖ͳιϑτΣΞʹ͍ͭͯߟ͑Δ
• ීஈ͍ͬͯΔͷ͔Βߟ͑Δ
• WebΞϓϦέʔγϣϯϑϨʔϜϫʔΫ
• ίϚϯυϥΠϯπʔϧ
• Office, Adobe, etc.
• ৭ʑͬͯΈΔ
• GitHubͷTrendingʹ͕͋ͬͨπʔϧͳͲ
Slide 15
Slide 15 text
͖ͳϓϩτίϧɾن֨ʹ͍ͭͯߟ͑Δ
• HTTP
• ϔομ
• ೝূʢBasicೝূɺDigestೝূʣ
• SSL/TLS
• DNS
• WEP/WPA2
• Bluetooth, etc.
Slide 16
Slide 16 text
৭ʑͳํ͔Β͖ͳͷΛߟ͑Δ
• ͖ͳ੬ऑੑʹ͍ͭͯߟ͑Δ
• ͖ͳιϑτΣΞʹ͍ͭͯߟ͑Δ
• ͖ͳϓϩτίϧʹ͍ͭͯߟ͑Δ
Δؾ͕ग़Δͷ͕Ұ൪େࣄʂʂ
࣠৭ʑ
ʢ͓͖ۚͳΒใۚͷଟՉͱ͔ʣ
Slide 17
Slide 17 text
ࣗͷ߹
• ͖ͳϓϩτίϧ
• DNS
• ͖ͳιϑτΣΞ
• BIND
• ͖ͳ੬ऑੑ
• DoS
BINDͷDoS
୯७ͳ%P4ͳͷʹ
க໋తͳײ͕͖͡
Slide 18
Slide 18 text
·ͣաڈͷ੬ऑੑ͔ΒֶͿ
Slide 19
Slide 19 text
طଘͷ੬ऑੑΛݕূ͢Δ
• ެ։͞Ε͍ͯΔPoCΛࢼ͢
• KRACK (WPA2ͷ੬ऑੑʣ
• https://github.com/vanhoefm/krackattacks-scripts
• ίϛοτΛݟͯ੬ऑੑͷݪҼΛཧղ͢Δ
• https://w1.fi/cgit/hostap/commit/?
id=a00e946c1c9a1f9cc65c72900d2a444ceb1f872e
• ࣗͰPoCΛॻ͍ͯΈΔ
Slide 20
Slide 20 text
DoSͷ੬ऑੑ
• ͲΜͳ߹ʹDoS͕ى͖Δ͔ʁ
• CWE-129 ྻࢦඪͷෆదͳݕূ
• CWE-131 ޡͬͨόοϑΝʔɾαΠζͷܭࢉ
• ଞʹଟ
Slide 21
Slide 21 text
ରΛܾΊΔ
Slide 22
Slide 22 text
͖ͳͷ͔Β୳࢝͠ΊΔ
ྫ
• ͖ͳϓϩτίϧ
• SSL/TLS
• ͖ͳιϑτΣΞ
• OpenSSL
• ͖ͳ੬ऑੑ
• ҙίʔυ࣮ߦʢRCE)
աڈͷ੬ऑੑͱ
ࣅͨͷ͕ͳ͍͔
Slide 23
Slide 23 text
͖ͳͷ͔Β୳࢝͠ΊΔ
ྫ
• ͖ͳϓϩτίϧ
• SSL/TLS
• ͖ͳιϑτΣΞ
• OpenSSL
• ͖ͳ੬ऑੑ
• ଞͷ੬ऑੑ୳ͯ͠ΈΔ
• DoS҉߸ͷ࣮ෆඋաڈʹݟ͔͍ͭͬͯΔ
Slide 24
Slide 24 text
͖ͳͷ͔Β୳࢝͠ΊΔ
ྫ
• ͖ͳϓϩτίϧ
• SSL/TLS
• ͖ͳιϑτΣΞ
• BoringSSL/LibreSSL͔Β୳ͯ͠ΈΔ
• ͖ͳ੬ऑੑ
• ҙίʔυ࣮ߦ
ྨࣅͷιϑτΣΞ
Slide 25
Slide 25 text
ࣗͷ߹
• ͖ͳϓϩτίϧ
• DNS
• ͖ͳιϑτΣΞ
• DNSܥͷιϑτΣΞΛ୳ͯ͠ΈΔ
• https://github.com/miekg/dns
• https://github.com/kenshinx/godns
• ͖ͳ੬ऑੑ
• DoS
࠷ۙ(PΛॻ͘͜ͱ͕ଟ͍ͷͰ
(PͰॻ͔Εͨͷ͔Β୳͢
Slide 26
Slide 26 text
ࣗͷ߹
• ͖ͳϓϩτίϧ
• DNS
• ͖ͳιϑτΣΞ
• ωοτϫʔΫϞχλϦϯά͢Δπʔϧ͖
• ͖ͳ੬ऑੑ
• DoS
Slide 27
Slide 27 text
ωοτϫʔΫ
HPMBOH
%P4
Slide 28
Slide 28 text
Packetbeat
Slide 29
Slide 29 text
Packetbeat
• golangͰॻ͔ΕͨOSS
• ϦΞϧλΠϜͰωοτϫʔΫͷτϥϑΟοΫΛղੳ
• Logstash·ͨElasticsearchʹσʔλΛૹ৴͢ΔɺܰྔͳωοτϫʔΫύέοτ
ΞφϥΠβʔ
• ରԠϓϩτίϧ
• HTTP
• DNS
• MySQL
• PostgreSQL
Slide 30
Slide 30 text
୳࢝͠ΊΔલʹҰൠతͳ·ͱΊ
Slide 31
Slide 31 text
੬ऑੑஅ
• ϒϥοΫϘοΫεܕ
• ಈ࡞͍ͯ͠ΔରγεςϜʹର͠ɺ࣮ࡍʹٖ
ࣅతͳ৵ೖɾ߈ܸΛֻ͚Δ
• ϗϫΠτϘοΫεܕ
• γεςϜͷߏιʔείʔυͳͲͷࡉ͔͍
ใͳͲΛͱʹஅ͢Δ
Slide 32
Slide 32 text
OSSͷ߹
• ϒϥοΫϘοΫεܕ
• ಈ͔͠ํ͕ஸೡʹॻ͍ͯ͋Δʢ͜ͱ͕ଟ͍ʣͷͰ؆୯
• ϗϫΠτϘοΫεܕ
• ιʔείʔυެ։͞Ε͍ͯΔ
ιʔείʔυΛमਖ਼ͯ͠ಈ͔͢͜ͱ͢ΒՄೳʂʂ
Slide 33
Slide 33 text
ྲྀΕ
1. υΩϡϝϯτΛಡΜͰ༷ΛѲ
2. ࣮ࡍʹಈ͔ͯ͠ڍಈΛѲ
3. աڈͷ੬ऑੑͳͲΛࢀߟʹ͋ͨΓΛ͚ͭΔ
4. ιʔείʔυΛͪΒͬͱಡΉ
5. ֎෦͔Βෆਖ਼ͳೖྗΛ༩͑ͯΈͨΓ͢Δ
6. ίʔυΛमਖ਼ͯ͠ಈ͔ͨ͠ΓσόοΨͬͨΓ
Slide 34
Slide 34 text
υΩϡϝϯτΛಡΉ
• ύέοτΛղੳͯ͠σʔλΛอଘͯ͘͠ΕΔ
• LogstashElasticsearchʹૹΔ
• HTTPͷεςʔλείʔυSQLͷΫΤϦͳͲΛ
ύʔεͯ͠औಘͯ͘͠ΕΔ
Internet
ϛϥʔϦϯά
Packetbeat
Elasticsearch
Slide 35
Slide 35 text
࣮ࡍʹಈ͔ͯ͠ΈΔ
$./packetbeat -N -e
2017/12/01 04:03:08.679303 metrics.go:23: INFO Metrics logging every 30s
2017/12/01 04:03:08.679117 beat.go:297: INFO Home path: [/root/
packetbeat-5.6.3-linux-x86_64] Config path: [/root/packetbeat-5.6.3-linux-
x86_64] Data path: [/root/packetbeat-5.6.3-linux-x86_64/data] Logs path: [/
root/packetbeat-5.6.3-linux-x86_64/logs]
2017/12/01 04:03:08.680873 beat.go:192: INFO Setup Beat: packetbeat; Version:
5.6.3
2017/12/01 04:03:08.680879 publish.go:217: INFO Dry run mode. All output types
except the file based one are disabled.
... (தུʣ...
2017/12/01 04:03:08.681143 protos.go:89: INFO registered protocol plugin: mysql
2017/12/01 04:03:08.681145 protos.go:89: INFO registered protocol plugin: nfs
2017/12/01 04:03:08.681148 protos.go:89: INFO registered protocol plugin: pgsql
2017/12/01 04:03:08.681165 protos.go:89: INFO registered protocol plugin: redis
2017/12/01 04:03:08.707989 beat.go:233: INFO packetbeat start running.
Slide 36
Slide 36 text
աڈͷ੬ऑੑͳͲΛࢀߟʹ͋ͨΓΛ͚ͭΔ
• https://www.elastic.co/jp/community/security
Packetbeatͷաڈͷ੬ऑੑ0݅ͩͬͨ
Slide 37
Slide 37 text
աڈͷ੬ऑੑͳͲΛࢀߟʹ͋ͨΓΛ͚ͭΔ
ྨࣅOSSͰύέοτղੳՕॴͰDoS͕ى͖͍͢
ύʔαͷιʔείʔυΛಡΜͰΈΔ
Slide 38
Slide 38 text
աڈͷ੬ऑੑͳͲΛࢀߟʹ͋ͨΓΛ͚ͭΔ
ո͍͠
Slide 39
Slide 39 text
ιʔείʔυΛಡΜͰ͍͘
Slide 40
Slide 40 text
PostgreSQLϓϩτίϧͷύʔεॲཧ
func pgsqlFieldsParser(s *pgsqlStream, buf []byte) error {
...ʢதུʣ...
// read Type OID (int32)
off += 4
// read column length (int16)
off += 2
// read type modifier (int32)
off += 4
// read format (int16)
format := common.BytesNtohs(buf[off : off+2])
off += 2
fieldsFormat = append(fieldsFormat, byte(format))
}
ྻͷΠϯσοΫεͷ
ࢦఆ͕ؾʹͳΔ
bufʹԿ͕ೖΔʁ
Slide 41
Slide 41 text
ιʔείʔυͷྲྀΕΛ͏
QHTRM'JFMET1BSTFS
QBSTF3PX%FTDSJQUJPO
QBSTF$PNNBOE
func (pgsql *pgsqlPlugin) parseCommand(s *pgsqlStream) (bool, bool) {
// read type
typ := byte(s.data[s.parseOffset])
...
switch typ {
case 'Q':
return pgsql.parseSimpleQuery(s, length)
case 'T':
return pgsql.parseRowDescription(s, length)
...
}
ύέοτͷCZUF͕
`5ͷͱ͖ʹݺΕΔॲཧ
Slide 42
Slide 42 text
testdb=# SELECT * FROM test;
id | body
----+------
1 | test
(1 row)
RowDescription
3PX%FTDSJQUJPO
• parseRowDescription
• ͦͦRowDescriptionͱʁ
Slide 43
Slide 43 text
RowDescription
• Byte1('T')
• ϝοηʔδ͕ߦͷهड़Ͱ͋Δ͜ͱΛࣝผ͠·͢ɻ
• Int32
• ࣗΛؚΉɺϝοηʔδ༰ͷ͞ʢόΠτ୯Ґʣɻ
• Int16
• ߦͷϑΟʔϧυΛࢦఆ͠·͢ ʢθϩͱ͢Δ͜ͱ͕Ͱ͖·͢ʣɻ
• ͦͷޙɺ֤ϑΟʔϧυʹରͯ͠ҎԼ͕ଓ͖·͢ɻ
• String
• ϑΟʔϧυ໊Ͱ͢ɻ
• Int32
• ϑΟʔϧυ͕ಛఆͷςʔϒϧͷྻͱͯࣝ͠ผͰ͖Δ߹ɺςʔϒϧͷΦϒδΣΫτIDͰ͢ɻ ͞ͳ͘θϩͰ͢ɻ
• Int16
• ϑΟʔϧυ͕ಛఆͷςʔϒϧͷྻͱͯࣝ͠ผͰ͖Δ߹ɺྻͷଐੑ൪߸Ͱ͢ɻ ͞ͳ͘θϩͰ͢ɻ
• Int32
• ϑΟʔϧυͷσʔλܕͷΦϒδΣΫτIDͰ͢ɻ
• Int16
• σʔλܕͷେ͖͞ʢpg_type.typlenΛࢀরʣͰ͢ɻ ෛͷ͕ՄมͷܕΛද͢͜ͱʹҙ͍ͯͩ͘͠͞ɻ
• Int32
• ܕम০ࢠʢpg_attribute.atttypmodΛࢀরʣͰ͢ɻ म০ࢠͷҙຯܕʹݻ༗Ͱ͢ɻ
• Int16
• ϑΟʔϧυʹ༻͞ΕΔॻࣜίʔυͰ͢ɻݱࡏɺ0ʢςΩετʣ·ͨ1ʢόΠφϦʣͷ͍ͣΕ͔ʹͳΓ·͢ɻ
https://www.postgresql.jp/document/9.6/html/protocol-message-formats.htm
Slide 44
Slide 44 text
No content
Slide 45
Slide 45 text
testdb=# SELECT * FROM test;
id | body
----+------
1 | test
---
54 00 00 00 32 00 02 69 64 00 00 00 45 0e 00 01 00 00 00 17 00 04 ff ff ff ff
00 00 62 6f 64 79 00 00 00 45 0e 00 02 00 00 00 19 ff ff ff ff ff ff 00 00
---
54 ! 'T'ͳͷͰRowDescription
00 00 00 32 ! ͞=50Λҙຯ͢Δ
00 02 ! ϑΟʔϧυ=2Λҙຯ͢Δ
69 64 00 ! "id"
00 00 45 0e ! ςʔϒϧͷΦϒδΣΫτID(17678)
00 01 ! ྻͷଐੑ൪߸
...
00 00 ! ϑΟʔϧυʹ༻͞ΕΔॻࣜίʔυʢςΩετͷ߹0ʣ
RowDescription
CVG
ͷॲཧ͜͜ʂ
Slide 46
Slide 46 text
OSSͳΒͰͷ୳͠ํ
• σόοΨΛར༻͢Δ
• printfσόοά͢Δ
• ςετίʔυΛར༻͢Δ
ςετίʔυؾܰʹҟৗͳೖྗΛ
༩͑ΒΕΔͷͰΦεεϝ
Slide 47
Slide 47 text
// Test parsing a response with data attached
func TestPgsqlParser_dataResponse(t *testing.T) {
if testing.Verbose() {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"pgsql", "pgsqldetailed"})
}
pgsql := pgsqlModForTests()
data := []byte(
“5400000033000269640000008fc40001000000170004ffffffff000076616c75650000008fc400020000001
9ffffffffffff0000" +
"44000000130002000000013100000004746f746f" +
"440000001500020000000133000000066d617274696e" +
"440000001300020000000134000000046a65616e" +
"430000000b53454c45435400" +
"5a0000000549")
message, err := hex.DecodeString(string(data))
if err != nil {
t.Error("Failed to decode hex string")
}
stream := &pgsqlStream{data: message, message: new(pgsqlMessage)}
ok, complete := pgsql.pgsqlMessageParser(stream)
ςετίʔυ
͜͜Λ͍ͬͯ͡ΈΔ
Slide 48
Slide 48 text
// Test parsing a response with data attached
func TestPgsqlParser_dataResponse(t *testing.T) {
if testing.Verbose() {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"pgsql",
"pgsqldetailed"})
}
pgsql := pgsqlModForTests()
data := []byte(
"540000001b00016964000000450e0001000000170004ffffffff0000")
message, err := hex.DecodeString(string(data))
if err != nil {
t.Error("Failed to decode hex string")
}
stream := &pgsqlStream{data: message, message: new(pgsqlMessage)}
ok, complete := pgsql.pgsqlMessageParser(stream)
ςετίʔυ
ਖ਼ৗͳΛೖΕͯΈΔ
Slide 49
Slide 49 text
// Test parsing a response with data attached
func TestPgsqlParser_dataResponse(t *testing.T) {
if testing.Verbose() {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"pgsql",
"pgsqldetailed"})
}
pgsql := pgsqlModForTests()
data := []byte(
"540000001b00016964000000450e0001000000170004ffffffff0000")
message, err := hex.DecodeString(string(data))
if err != nil {
t.Error("Failed to decode hex string")
}
stream := &pgsqlStream{data: message, message: new(pgsqlMessage)}
ok, complete := pgsql.pgsqlMessageParser(stream)
ෆਖ਼ͳೖྗʹม͑Δ
CVG
CZUFલఏͳͷͰ ͬͨΒམͪͦ͏
Slide 50
Slide 50 text
$ cd ~/go/src/github.com/elastic/beats/packetbeat/protos/pgsql
$ go test -run TestPgsqlParser_dataResponse
PASS
ok github.com/elastic/beats/packetbeat/protos/pgsql
0.085s
མͪͳ͔ͬͨ
ςετίʔυΛ࣮ߦͯ͠ΈΔ
Slide 51
Slide 51 text
͜ͷՕॴݺΕ͍ͯͳ͔ͬͨ
printfσόοάͯ͠ΈΔ
func (pgsql *pgsqlPlugin) parseCommand(s *pgsqlStream) (bool, bool) {
// read type
typ := byte(s.data[s.parseOffset])
...
case 'T':
+ fmt.Printf("%d\n", length)
return pgsql.parseRowDescription(s, length)
...
}
ଞͷՕॴͷΤϥʔॲཧͰ͔Ε͍ͯΔ
Slide 52
Slide 52 text
͞ͷൺֱ
if len(s.data[s.parseOffset:]) <= length {
detailedf("Wait for more data")
return true, false
}
σʔλͷ࣮ࡍͷ͞
cc
CZUF
ύέοτͷهड़
cc
CZUF
54 00 00 00 1b ...
• ҎԼͷνΣοΫͰ͔Ε͍ͯͨ
Slide 53
Slide 53 text
// Test parsing a response with data attached
func TestPgsqlParser_dataResponse(t *testing.T) {
if testing.Verbose() {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"pgsql",
"pgsqldetailed"})
}
pgsql := pgsqlModForTests()
data := []byte(
"540000001b00016964000000450e0001000000170004ffffffff0000")
message, err := hex.DecodeString(string(data))
if err != nil {
t.Error("Failed to decode hex string")
}
stream := &pgsqlStream{data: message, message: new(pgsqlMessage)}
ok, complete := pgsql.pgsqlMessageParser(stream)
͞Λἧ͑Δ
Δ
CZUFݮΒ͢ B
Slide 54
Slide 54 text
$ go test -run TestPgsqlParser_dataResponse
panic: runtime error: slice bounds out of range [recovered]
panic: runtime error: slice bounds out of range
goroutine 20 [running]:
testing.tRunner.func1(0xc420068820)
/usr/lib/go-1.8/src/testing/testing.go:622 +0x29d
panic(0x9bc500, 0xe46af0)
/usr/lib/go-1.8/src/runtime/panic.go:489 +0x2cf
github.com/elastic/beats/packetbeat/protos/pgsql.pgsqlFieldsParser(0xc420035f60, 0xc421164f05,
0x16, 0x16, 0x0, 0x0)
/root/go/src/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go:384 +0x6c6
... (தུ) ...
created by testing.(*T).Run
/usr/lib/go-1.8/src/testing/testing.go:697 +0x2ca
exit status 2
FAIL github.com/elastic/beats/packetbeat/protos/pgsql 0.084s
མͪͨʂʂ
ςετίʔυΛ࣮ߦͯ͠ΈΔ
Slide 55
Slide 55 text
ಉ༷ʹ͍͔ͯͭ͘͠ͷ
ΤϥʔॲཧΛ͢Γൈ͚Δͱ...
Slide 56
Slide 56 text
$ echo -e "T\x00\x00\x00\x1a\(ࣗॗʣxff\xff\xff\xff\x00" | nc 127.0.0.1 5432
؆୯
ύέοτΛ1ͭ͛Δ͚ͩͰམͪΔ
# ./packetbeat -N -e
...
2017/12/04 04:45:22.465965 log.go:145: ERR Stacktrace: goroutine 13 [running]:
runtime/debug.Stack(0xbd68c4, 0x2b, 0xc421249560)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/elastic/beats/libbeat/logp.Recover(0xbc366f, 0x14)
/go/src/github.com/elastic/beats/libbeat/logp/log.go:145 +0x138
panic(0xada5c0, 0xc4200100f0)
/usr/local/go/src/runtime/panic.go:458 +0x243
github.com/elastic/beats/packetbeat/protos/pgsql.pgsqlFieldsParser(0xc4211e8b00, 0xc421210749, 0x2f,
0x36, 0xbba4b1, 0xd)
/go/src/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go:382 +0x53c
...
Slide 57
Slide 57 text
मਖ਼Օॴ
͞ͷ֬ೝΛ͢Δ͚ͩ
https://github.com/elastic/beats/pull/5457
Slide 58
Slide 58 text
ҙ
• ੬ऑੑΛݟ͚͍͖ͭͯͳΓPull RequestΛ͛ΔͷΊ
·͠ΐ͏
• ଞͷਓݟ͑ΔͷͰɺθϩσΠ߈ܸʹͳͬͯ͠·͍·͢
• దͳܦ࿏Ͱใࠂ͠·͠ΐ͏
• ϝʔϧʢϝʔϧͰௐ͔ͯ͠ΒPRΛ͛ͨΓʣ
• ػؔΛ௨͢ʢIPAJPCERT/CCͳͲʣ
Slide 59
Slide 59 text
Security update
https://discuss.elastic.co/t/beats-5-6-4-security-update/106739
Slide 60
Slide 60 text
·ͱΊ
OSSͷ੬ऑੑΛ୳࣌͢ʹͬͨ͜ͱ
• ͖ͳͷʹࢥ͍ΛͤΔ
• ੬ऑੑɾιϑτΣΞɾϓϩτίϧɾ͓ۚɹ
• ͖ͳͷʹؔ࿈͢ΔιϑτΣΞɾ੬ऑੑ͋ͨΓ͔Β୳ͯ͠ΈΔ
• աڈͷ੬ऑੑ͔ΒֶͿʢࣅͨͷ͕ݟ͔ͭΓ͍͢ʣ
• OSSͳΒͰͷํ๏Λར༻͢Δ
• ςετίʔυσόοΨ
• ࠓճDoSʹ͍ͭͯൃද͠·͕ͨ͠ɺಉ༷ͷํ๏Ͱଞʹ
ز͔ͭใࠂ͠·ͨ͠