More Memory Safety for Let's Encrypt: Deploying ntpd-rs

Original link: https://letsencrypt.org/2024/06/24/ntpd-rs-deployment.html

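Let's Encrypt, best known for issuing free SSL/TLS certificates, is concerned about the security of its infrastructure because so much of it is written in unsafe programming languages such as C and C++. Its own software is written in memory-safe Golang, but the lack of memory safety in its servers and network equipment routinely leads to vulnerabilities. To address this, they started a project called Prossimo in 2020, focused on improving the memory safety of critical Internet infrastructure. They have developed several software components, including the Rustls TLS library, Hickory DNS, the River reverse proxy, and sudo-rs. In April 2022 they began work on an improved, memory-safe NTP implementation, ntpd-rs. Having matured, it is now maintained by Project Pendulum. By April 2024, ntpd-rs had been introduced into the Let's Encrypt production environment, marking the first deployment of memory-safe software from Prossimo. Future plans include moving from OpenSSL and its derivatives to Rustls, upgrading the DNS software with Hickory, switching from Nginx to River, and migrating from sudo to sudo-rs, while continuing to rely on community support and potential sponsorship via [email protected].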

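The NTPsec package has replaced NTP in Debian. By default it uses the NTP pool, without Network Time Security (NTS). However, NTPsec supports NTS for individually operated servers and allows optional client use. systemd-timesyncd, the standard choice in Debian, does not support NTS. Implementing NTS within the pool is complicated because the pool's servers are run by different operators. Instead, each machine generates a certificate signing request (CSR) and sends it to a centralized service for certificate issuance, ensuring a secure, signed document exchange among pool members. Memory safety is critical for network services because of the potential risks of incorrectly parsing network packets. NTP in particular needs to move to a memory-safe language such as Rust to address multiple C-based vulnerabilities. Other critical components, such as DNS, are also prioritized for transition given the impact of their failure. Let's Encrypt's developers advocate adopting Rust because it can handle the "last mile" of memory unsafety, which other languages have not accomplished effectively.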
Original text

When we look at the general security posture of Let’s Encrypt, one of the things that worries us most is how much of the operating system and network infrastructure is written in unsafe languages like C and C++. The CA software itself is written in memory safe Golang, but from our server operating systems to our network equipment, lack of memory safety routinely leads to vulnerabilities that need patching.

Partially for the sake of Let’s Encrypt, and partially for the sake of the wider Internet, we started a new project called Prossimo in 2020. Prossimo’s goal is to make some of the most critical software infrastructure for the Internet memory safe. Since then we’ve invested in a range of software components including the Rustls TLS library, Hickory DNS, River reverse proxy, sudo-rs, Rust support for the Linux kernel, and ntpd-rs.

Let’s Encrypt has now taken a step that was a long time in the making: we’ve deployed ntpd-rs, the first piece of memory safe software from Prossimo that has made it into the Let’s Encrypt infrastructure.

Most operating systems use the Network Time Protocol (NTP) to accurately determine what time it is. Keeping track of time is a critical task for an operating system, and since it involves interacting with the Internet it’s important to make sure NTP implementations are secure.

In April of 2022, Prossimo started work on a memory safe and generally more secure NTP implementation called ntpd-rs. Since then, the implementation has matured and is now maintained by Project Pendulum. In April of 2024 ntpd-rs was deployed to the Let’s Encrypt staging environment, and as of now it’s in production.

Over the next few years we plan to continue replacing C or C++ software with memory safe alternatives in the Let’s Encrypt infrastructure: OpenSSL and its derivatives with Rustls, our DNS software with Hickory, Nginx with River, and sudo with sudo-rs. Memory safety is just part of the overall security equation, but it’s an important part and we’re glad to be able to make these improvements.

We depend on contributions from our community of users and supporters in order to provide our services. If your company or organization would like to sponsor Let’s Encrypt please email us at [email protected]. We ask that you make an individual contribution if it is within your means.