News
Download
Prepatch
Documentation
Contact
|
Introduction
The Patch Integration Engine (PIE) is a system for the insertion of patches into a runtime process, allowing for the immediate correction of security vulnerabilities.
Consider this scenario. You are a system administrator in charge of the security of your network. A new vulnerability is found in a server running on your network. This server provides a service critical to the operation of your organisation. What do you do? The simple answer is to patch the system immediately, but the unfortunate reality is that things are not always simple.
Patching a server application inevitably causes downtime. This downtime might be as limited as the time it takes for the server to restart itself, or as disastrous as the server not starting up at all. Compatability also has to be considered: does this patch break anything else which might depend on the server? However, the flipside of this situation is just as disconcerting. The longer you leave the server unpatched, the higher the chances are that the vulnerability will be exploited.
The goal of PIE is to help system administrators faced with the tradeoff between the risk of patching and the risk of not. The abstract goal of the project is to offer a platform by which a vulnerable service may be patched while minimizing the risk of sustained downtime.
NOTE: PIE was created from a personal research interest in the potential uses of runtime code insertion. It is still in the early stages of development and testing, and as such it should not be used on production servers
What is PIE?
PIE itself is more of a platform than an individual program. It prevents the exploitation of security holes by changing the way a program runs as the program itself is running. Security vulnerabilities occur in functions; PIE secures these functions by inserting pieces of code most accurately described as "prepatches". The general idea of a prepatch is to run just before a vulnerable function is called and to verify that the data being passed to the function is not malicious. Consider this flow diagram showing a normal and a malicious function call:
PROGRAM --> vulnerable function --> PROGRAM
ATTACK --> PROGRAM --> vulnerable function --> ARBITRARY PROGRAM
After prepatching this scenario we get:
PROGRAM --> prepatch --> vulnerable function --> PROGRAM
ATTACK --> PROGRAM --> prepatch
At this stage, the prepatch recognises the attack and prevents the function from being exploited. As mentioned above PIE is not a singular program, but in fact consists of the three seperate parts described here in brief:
| libpie |
An API containing the functions needed to make a prepatch.
See "Libpie Reference". |
| pfp |
A tool for creating function fingerprints.
See "Pfp Reference". |
| pie |
The component that handles the actual insertion of prepatches.
See "Pie Reference". |
For technical details on how PIE works see the document "PIE Internals".
|