GnuTLS: Big internal bugs, few real-world problems

GnuTLS: Big internal bugs, few real-world problems

Summary: Yes, GnuTLS has major security holes. So what? Almost no one uses it in ways where it could be vulnerable to fraud.

SHARE:

According to some reports you'd think the security sky was falling. Yes, GnuTLS, an open-source "secure" communications library that implements \Secure-Socket Layer (SSL) and Transport Layer Security (TLS), has serious flaws. The good news? Almost no one uses it. OpenSSL has long been everyone's favorite open-source security library of choice.

GnuTLS Logo
GnuTLS Logo

Red Hat discovered the latest in a long-series of GnuTLS bugs .

Latest? Yes, latest.

You see, GnuTLS has long been regarded as being a poor SSL/TLS security library. A 2008 message on the OpenLDAP mailing list had "GnuTLS considered harmful" as its subject — which summed it up nicely. 

In it, Howard Chu, chief architect for the OpenLDAP, the open-source implementation of the Lightweight Directory Access Protocol (LDAP), wrote, "In short, the code is fundamentally broken; most of its external and internal APIs are incapable of passing binary data without mangling it. The code is completely unsafe for handling binary data, and yet the nature of TLS processing is almost entirely dependent on secure handling of binary data. I strongly recommend that GnuTLS not be used. All of its APIs would need to be overhauled to correct its flaws and it's clear that the developers there are too naive and inexperienced to even understand that it's broken." 

With GnuTLS's most recent and perhaps biggest failure to date, Red Hat found that GnuTLS, when shown a specially rigged kind of bogus SSL certificate, would fail to see that the certificate was a fake.

The project itself, despite its name, is no longer associated with GNU or GNU/Linux. Its chief designer, Nikos Mavrogiannopoulos, had "a major disagreement with the Free Software Foundation's (FSF) decisions and practices. He then made it an independent project.

None of this has stopped some people from using GnuTLS. The usual reason is that its license, the Lesser Gnu Public License (LGPL), is considered more compatible with GPL licensed software such as Linux, than OpenSSL's BSD style open-source license.

There have been claims that "more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations." This statement was based on a single Debian user group discussion.

When I looked at this message thread the examples cited were multiple Debian network programs such as exim4, a mail transfer agent; cups, a print server; wget, a file retrieval program; and network-manager, a program used to set up network connections, relied on GnuTLS. Doing my digging I also found that Ubuntu uses GnuTLS with OpenLDAP. Whoops!

Now, make no mistake about it these are all important programs but none of them are used for financial transfers or other situations where a man-in-the-middle attack is likely to cause significant damage. In short, while the code's a real mess, it's highly unlikely anyone in danger of losing credit-card numbers to it. The Apple iOS and Mac OS X goto problem was much more serious.

In the real world almost all open-source based Web servers use OpenSSL. Of the two most popular open-source Web browsers Apache uses OpenSSL by default and nginx requires OpenSSL.

To sum up, no one should be using GnuTLS. There are far better security programs out there starting with the far more popular OpenSSL. If for some reason you must use GnuTLS for now, either upgrade to the latest GnuTLS version (3.2.12) or apply the GnuTLS 2.12.x patch. Oh, and developers? Start weaning your programs from GnuTLS, you, and your users, will be glad you did.  

Related Stories:

Topics: Security, Enterprise Software, Open Source, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

24 comments
Log in or register to join the discussion
  • GnuTLS: Big internal bugs, few real-world problems

    Bugs are created, Bugs are found, Bugs are fixed, the cycle will start again.
    RickLively
    • Did you even bother to read Steven's article?!

      Quoted in the article from Howard Chu:
      "the code [GnuTLS] is fundamentally broken; most of its external and internal APIs are incapable of passing binary data without mangling it. The code is completely unsafe for handling binary data, and yet the nature of TLS processing is almost entirely dependent on secure handling of binary data."

      This goes well beyond your "Bugs" malarky. It would appear that the open source GnuTLS project could benefit from Microsoft's SDLC aka security development lifecycle:

      http://www.microsoft.com/security/sdl/default.aspx
      Rabid Howler Monkey
      • Re; Rabid Howler Monkey

        I did the read the article, I also read what Nikos wrote in his blog in response to Mr. Chu's rant. is really gnutls considered harmful?

        http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html

        As far as the “Bugs”
        “Of course noone is claiming that GnuTLS is perfect and bug-free. No software is bug-free and don't believe anyone claiming it. “ --Nikos Mavrogiannopoulos
        RickLively
        • @RickLively, thanks for the response and link

          Here's an analysis of the GnuTLS vulnerability:

          http://blog.existentialize.com/the-story-of-the-gnutls-bug.html

          Note the criticisms.

          Cheers
          Rabid Howler Monkey
          • well, but it's solved, isn't it?

            well, but the link you've posted show the commit before the bugfix:

            "Now we're at the commit before the bug fix. Let's run git blame and see who edited what when:"

            so where is the problem? As RickLively said, is the software cycle!
            This is the magic of free (As in freedom) software!
            :-)
            I'll continue giving a chance to GNUTLs, because BSD licenses as APACHE, are not copyleft.

            pd:we've recently received information about security flaws in openssl too

            “Of course noone is claiming that GnuTLS is perfect and bug-free. No software is bug-free and don't believe anyone claiming it. “ --Nikos Mavrogiannopoulos

            :-e
            Joaq
  • The keyword is "yet"

    The thing about software is it tends to be used in ways its creators never intended. Assuming your assertion is true (and that's a BIG assumption) for current usage that doesn't mean usage won't change. And then your assertion will fail, and malware will sprout like mushrooms after a rain.
    Ardwolf
    • Thanks for that, Chicken Little!

      So basically, if hypothetical "Badness" were to happen then people would be Doomed!

      Well, that's settled that then!

      Are *you* planning to unleash this "GnuTLS Apocalypse" that you're so afraid of?
      Zogg
      • Polyanna much?

        No security hole is dangerous--until somebody exploits it. If GnuTLS has security holes they will be found and exploited. If that's not possible in the current usages well new uses WILL be found, it's just a fact of software.

        The fact you're willing to tolerate any known security issues is--disturbing. Are you waiting to exploit them yourself?

        (See how useless accusing someone is?)
        Ardwolf
        • More ridiculous hyperbole.

          Imagining preposterous worst-case scenarios is just silly. Your post is no more rational than saying "You must always wash your hands, because otherwise you might spread germs that could one day mutate into a plague that will end civilization as we know it!"

          The GnuTLS library has a bad reputation, and a better alternative exists in OpenSSL. The solution is therefore not to use GnuTLS.

          And relax.
          Zogg
  • Well, if it is as "not used" as you say it is

    Why not pull it from distros? Does not make any sense to distribute faulty libraries.
    Mac_PC_FenceSitter
    • Didn't you read the article?

      The article says that *almost* no-one uses it, and then goes on to list some programs that actually do. However, it qualifies that list by saying:

      "Now, make no mistake about it these are all important programs but none of them are used for financial transfers or other situations where a man-in-the-middle attack is likely to cause significant damage."

      But obviously, blindly and naively "pulling" the libraries from distros would break these programs, which is probably why they're still are being distributed at the moment.
      Zogg
      • More on this

        From Steven's link to Google Groups in the article, there are 224 packages in Debian's repositories that depend on GnuTLS. The short list of packages that Steven mentions in the article is just that.

        One must also consider that Debian is the most widely used base distro for deriving Linux distros. Linux Mint, Ubuntu and Debian are the top three (3) distros at DistroWatch by a country mile.
        Rabid Howler Monkey
        • I wonder how accurate / up-to-date that list of applications is.

          I've just checked wget's dependencies on a CentOS5 box, and it depends on OpenSSL. I've no idea why Debian's version might be using GnuTLS.
          Zogg
          • Debian's wget

            o old-stable uses libssl0.9.8
            o stable uses libgnutls26
            o testing uses libgnutls28
            o unstable uses libgnutls28

            The Debian Project probably switched from OpenSSL to GnuTLS because of the license.

            P.S. My TinyCore Linux system's wget also depends on OpenSSL.
            Rabid Howler Monkey
          • Yes, the license

            "The Debian Project probably switched from OpenSSL to GnuTLS because of the license."

            That's precisely why. I couldn't find a reference to post, but I know that is the reason why. (At least, I know it is why for OpenLDAP, and I'd guess the reason is the same for wget.)

            Unfortunately, I feel like what's missing from SJVN's analysis is just how much Ubuntu is used in RL. And Ubuntu gets all the goodness -- and all the shittiness, like this GnuTLS crap -- from Debian.

            Me, I'm frustrated because in RL, where I live, I've been bitten by bugs in GnuTLS several times. And recompiling packages in a vendor-provided and vendor-managed OS is not always a good solution, when you take the big picture of managing a server farm into account.
            jsilveronnelly
      • You do get that was a rhetorical question, right?

        Which is to say that this is in fact a real world problem, and these bugs need to be fixed.

        Don't do what we Mac users were always called out for doing, pooh-poohing bugs and problems as not real issues. Bugs need to be fixed - no matter what platform it is.
        Mac_PC_FenceSitter
        • A rhetorical response to something that wasn't even written!

          Why not comment on what actually *was* written instead?

          And no-one has said that the bugs don't need to be fixed, either. Probably the best fix would be to port the applications to OpenSSL - licence permitting.
          Zogg
  • Re: GnuTLS Big internal bugs, few real-world problems....

    Can we now assume as it no longer applies to Apple such a flaw is now deemed acceptable.
    5735guy
    • No

      Apple is sitting on over $150 billion U.S. of cash:

      http://www.fool.com/investing/general/2014/02/26/apples-cash-conundrum.aspx

      Just a fraction of this could buy a lot of SDLC and code testing/auditing.
      Rabid Howler Monkey
      • Re: No....

        That is entirely besides the point.

        What I was attempting to get across is had the SSL/TLS issue not appeared in Apple it would have not generated so much press here on ZDnet.

        Call me cynical if you like but the evidence of ZDnet being Anti-Apple is building rapidly. It is my believe that we can no longer rely on ZDnet for impartial reporting.

        Many of the articles that now appear here on ZDnet relating to Apple products are no more than click bait and when they are written they are intended to be no more than that.
        5735guy