Security and software vulnerabilities

From semantic-mediawiki.org

The Semantic MediaWiki project treats security as a priority and works to eliminate vulnerabilities in the software it maintains.

Reducing attack vectors

The following countermeasures have been introduced to reduce the available attack vectors.

  • `Special:SMWAdmin` requires the `smw-admin` right to view or interact with the special page.
  • `Special:SpecialDeferredRequestDispatcher` accepts POST requests only and requires a valid `requestToken`.
  • Regular expression patterns referenced via Property:Allows pattern (a possible ReDoS vector[1]) can only be stored or changed in `MediaWiki:Smw allows pattern` by users holding the `smw-patternedit` right; by default that right is granted only to the `smwcurator` group, and that group has no members until an administrator assigns them.
  • SQL injection is of lesser concern because no user can communicate directly with the `SQLStore` database layer; query input is parsed into SMW's own query description objects before any SQL is built.
  • Query execution time is not itself limited, but `$smwgQMaxDepth`, `$smwgQMaxInlineLimit` and `$smwgQMaxSize` bound the nesting depth, inline result count and size of a query; they reduce the chance of long-running queries (which could otherwise be used as a DoS vector[2]) and reject unanticipated query constructs.
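The countermeasures above, written out as a LocalSettings.php fragment. This is an added example, not part of SMW's own configuration or code. It assumes that SMW grants `smw-admin` to the `smwadministrator` group, that each line of `MediaWiki:Smw allows pattern` has the form `Name|regex`, and that wrapping the regex in `/…/` delimiters (with `/` escaped) matches how SMW applies it; `preg_last_error_msg()` needs PHP 8. The `EditFilter` hook runs every pattern in the edited text against a few constructed probe strings under a low `pcre.backtrack_limit`, so a catastrophically backtracking pattern such as `^(a+)+$` trips the limit at save time and the edit is refused, instead of the wiki stalling later when the pattern is applied to user input. Which error PCRE reports (backtrack limit or JIT stack limit) depends on `pcre.jit`; the hook rejects on any error.

```php
<?php
// LocalSettings.php fragment (added example; not SMW's own code or defaults).
// Assumes enableSemantics() has already been called above this point.

// 1. Rights. 'smwadministrator' holding smw-admin is an assumption about SMW's
//    defaults; smw-patternedit on 'smwcurator' is documented. Neither group has
//    members by default, so let sysops assign them via Special:UserRights.
$wgGroupPermissions['smwadministrator']['smw-admin'] = true;
$wgGroupPermissions['smwcurator']['smw-patternedit'] = true;
$wgAddGroups['sysop'][]    = 'smwadministrator';
$wgAddGroups['sysop'][]    = 'smwcurator';
$wgRemoveGroups['sysop'][] = 'smwadministrator';
$wgRemoveGroups['sysop'][] = 'smwcurator';

// 2. Query limits. Values are illustrative; choose them for your wiki.
$smwgQMaxSize        = 12;  // maximum number of conditions in one query
$smwgQMaxDepth       = 3;   // maximum nesting depth of subqueries
$smwgQMaxInlineLimit = 200; // maximum results an inline #ask may return

// 3. Vet edits to MediaWiki:Smw allows pattern before they are saved.
//    Each non-blank line is assumed to be "Name|regex".
$wgHooks['EditFilter'][] = function ( $editor, $text, $section, &$error, $summary ) {
	if ( $editor->getTitle()->getPrefixedText() !== 'MediaWiki:Smw allows pattern' ) {
		return true; // some other page; nothing to check
	}

	// Constructed probe strings: long runs that almost match, then a final
	// character that forces the engine to backtrack through every split.
	$probes = [
		str_repeat( 'a', 40 ) . '!',
		str_repeat( '0', 40 ) . 'x',
		str_repeat( 'a ', 20 ) . '!',
	];

	// A tight backtrack limit turns a runaway match into an immediate error.
	ini_set( 'pcre.backtrack_limit', '20000' );
	$rejected = [];

	foreach ( explode( "\n", $text ) as $index => $line ) {
		$line = trim( $line );
		if ( $line === '' || strpos( $line, '|' ) === false ) {
			continue; // blank line or not a Name|regex entry
		}
		list( $name, $regex ) = explode( '|', $line, 2 );
		// Delimiter handling is an assumption about how SMW wraps the pattern.
		$delimited = '/' . str_replace( '/', '\/', $regex ) . '/';

		foreach ( $probes as $probe ) {
			// '@' silences the compile warning; the return value is checked instead.
			$result = @preg_match( $delimited, $probe );
			if ( $result === false ) {
				// Compile failure, backtrack limit or JIT stack limit: all rejected.
				$rejected[] = htmlspecialchars(
					'line ' . ( $index + 1 ) . ' (' . $name . '): ' . preg_last_error_msg()
				);
				break;
			}
		}
	}

	ini_restore( 'pcre.backtrack_limit' );

	if ( $rejected ) {
		// A non-empty $error aborts the save and shows the message to the editor.
		$error = '<div class="errorbox">Rejected pattern(s):<br>'
			. implode( '<br>', $rejected ) . '</div>';
	}
	return true;
};
```

With this in place, saving the page with a line such as `Evil|^(a+)+$` is refused, because the first probe drives the engine past the 20000-step limit, while an anchored, non-nested pattern such as `Title|^[A-Z][a-z]+$` is accepted. The probes are a heuristic, not a proof: a pattern that backtracks only on inputs the probes do not resemble will still pass, which is why the `smw-patternedit` restriction remains the primary control.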

Noticing a vulnerability

If vulnerabilities are discovered, special care is needed to minimize the risk of them being exploited. In particular, it is wise to first contact the core developers directly, to ensure that an updated version can be released before the bug is public. Also note that the project is public and can be monitored by potential attackers. So commit messages like "Fixed critical security vulnerability" can also be problematic. For more information on handling security problems in open source software, see http://producingoss.com/en/publicity.html#security.

References

  1. Regular expression denial of service (ReDoS) is an algorithmic complexity attack that produces a denial of service by providing a regular expression (or input to one) that takes a very long time to evaluate.
  2. A denial-of-service attack (DoS) is an attempt to make a machine or network resource unavailable to its intended users, such as by temporarily or indefinitely interrupting or suspending services.