Alex headshot

AlBlue’s Blog

Macs, Modularity and More

OSX and NTPD security update

2014, osx, security

Apple have recently released a slew of updates for the NTP daemon for 10.10, 10.9 and 10.8 versions of the operating system. It’s worth installing, but also to understand what the issue is.

What is NTP?

NTP stands for Network Time Protocol, and it’s a way of synchronizing your computer’s system clock with others on the internet. Most computers have a built-in clock with a battery backup to keep the time when the power is off (though the Raspberry Pi is an example of a computer which does not have a battery backed clock – which explains why it’s always 1970 when it boots).

NTP provides a way of determining how far out the local computer’s time with a known good time (provided by, e.g. time.euro.apple.com). It’s not enough just to say ‘What is the time?’ since by the time (aha) you get the response back, the time will have moved on some indeterminate number of milliseconds. In the same way you wouldn’t post a letter to someone to ask what day it is, simply asking a remote server what it thinks the time is is already going to be out-of-date.

On OSX, when the ’Set date and time automatically’ is checked, the operating system will kick off a program ntpd as root to keep the local computer’s time in sync.

What’s the problem?

According to Apple, there is a remote exploit possibility due to a remote buffer overrun in the ntpd program. It’s been given CVE-2014-9295 as a designator, and lists that it’s network exploitable. That’s because the ntpd is a two-way program; it sends a request and then listens for responses. Since network messages go via UDP, it’s possible for a remote attacker to send a message even if the ntpd isn’t expecting a response. It’s this that makes it globally targetable.

The CVE lists that it can be used to play a redirect for DDoS attacks, but Apple has listed it as remotely exploitable as well; so it may be more dangerous than it would seem at first glance.

In essence, if you are running an open ntpd on your network via a publicly routable device, it’s going to have problems.

Applying the update

If you’re running on 10.10, 10.9 or 10.8 then a sudo softwareupdate -i -a or using the update should work. If you’re running on older versions, you’re out of luck.

Older versions of OSX

If you’re running an older version, Apple hasn’t backported the fixes. In addition, it’s not clear that the source dumps at http://opensource.apple.com have been updated to take advantage of the fixes. So you can’t even build the version.

You could try building a version of ntpd from the upstream distribution at www.ntp.org, but there may be problems with it.

Alternatively, stop running ntpd on vulnerable Macs. This is easy to stop; go to System Preferences, then Date and Time, and uncheck the ‘Set the time automatically’ checkbox from the Date and Time tab. At least you won’t be hit whilst that isn’t running, but your time will drift.

To set the time, it’s possible to run ntpdate as root via a periodic script, using the name of the ntp hostname in the dialog box. Whilst the time is being set you may be vulnerable to responses, but at least it won’t be a 24h exposure. Running sudo crontab -e and adding

Setting the time via cron
1
@daily /usr/sbin/ntpdate time.euro.apple.com

would be enough to reset the time on a daily basis to ensure that it doesn’t drift too far.

For the really paranoid, you can run:

1
@daily /usr/bin/sandbox-exec -f /usr/share/sandbox/ntpd.sb /usr/sbin/ntpdate `dig +short time.euro.apple.com`

This will run the date seting under a sandbox profile that allows the time to be set, but not to do any other operations. This is why the host lookup needs to be done in backticks; because the sandbox profile doesn’t allow for DNS lookups.

Summary

Install the NTP security fix as soon as possible on computers that are supported. For those that aren’t, turn off the automatic date and time updates and instead use a crontab to periodically kick off the network requests, optionally running under a sandbox profile to prevent any (non-network) related issues from occuring.

EclipseCon Europe and book codes

2014, conference, eclipse, eclipsecon

Unfortunately I wasn’t able to make EclipseCon Europe this year in Ludwigsberg. It sounds like it was a great conference, with the announcement of Eclipse Cloud Development and the new release of Orion.

To celebrate, I have managed to arrange a deal with my publishers for 25% off the retail price of Eclipse Plug-in Development for Beginners and Mastering Eclipse Plug-ins. Head to one of the two URLs and use the code to get it:

Codes are valid until 2nd November 2014.

Swift - enums

2014, mac, swift

In this episode of the Swift introduction series we’ll be looking at enums in Swift.

Enumerations (aka enums) are found in most programming languages as a means to associate a symbol with set membership over a closed group of alternatives. In some cases, the values associated with an enum are meaningless (e.g. Male, Female) and in other cases they hold useful data (e.g. East might have a value of 90 and NorthEast might have a value of 45).

Traditional languages represented an enumeration always as an alias for an integral value and used sleight-of-hand to replace the value at compile time, like a set of #define constants. Although this worked, it meant that enums could be substituted for one another even when it didn’t make sense (e.g. Male == North).

Swift’s enums are more powerful, and enum types are distinct, even if they represent the same values. As a result, it is not possible to compare two enums for equality unless they are of the same type.

For example, to create a simple enum for representing gender:

Defining a Gender enumeration
1
2
3
4
5
Welcome to Swift!  Type :help for assistance.
  1> enum Gender {
  2.   case Male
  3.   case Female
  4. }

There’s no comparison or ordering between different elements; they are just a property which can be one or the other. The enumeration type can be used as an argument type, return type, or variable type using a dot syntax as with structures:

Using a Gender enumeration
1
2
3
4
5
6
  5> let alblue:Gender = Gender.Male
alblue: Gender = Male
  6> alblue == Gender.Male
$R0: Bool = true
  7> alblue == Gender.Female
$R1: Bool = false

Since Swift knows that the type of the variable is Gender, it is not necessary to supply the type of the enumeration at the point of use. This has exactly the same effect:

Using a Gender enumeration with just the enum type
1
2
3
4
5
6
  8> let alblue:Gender = .Male
alblue: Gender = Male
  9> alblue == .Male
$R2: Bool = true
 10> alblue == .Female
$R3: Bool = false

This is commonly seen when passing in flags or other properties in a Swift function. In particular, most of the existing constants in the Objective-C codebase (such as UIDeviceOrientation) are exposed as Swift enumerations, meaning that just the value can be used (such as .UIDeviceOrientationPortrait).

Enumerations can also store values along with their types as well. For example, in nuclear physics, atoms are made up of Quarks, which can have an associated colour property of Red, Blue or Green. These can be represented as enumerations as follows:

Representing Quarks in Swift
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 11> enum QuarkColor {
 12.   case Red, Blue, Green
 13. }
 14> enum Quark {
 15.   case Up(colour:QuarkColor)
 16.   case Down(colour:QuarkColor)
 17.   case Charm(colour:QuarkColor)
 18.   case Strange(colour:QuarkColor)
 19.   case Top(colour:QuarkColor)
 20.   case Bottom(colour:QuarkColor)
 21. }
 22> let proton = [
 23.   Quark.Up(colour:.Red),
 24.   Quark.Up(colour:.Green),
 25.   Quark.Down(colour:.Blue)
 26. ]
proton: [Quark] = 3 values {
  [0] = Up = { colour = Red }
  [1] = Up = { colour = Green }
  [2] = Down = { colour = Blue }
}
 27> let neutron = [
 28.   Quark.Up(colour:.Red),
 29.   Quark.Down(colour:.Green),
 30.   Quark.Down(colour:.Blue)
 31. ]
neutron: [Quark] = 3 values {
  [0] = Up = { colour = Red }
  [1] = Down = { colour = Green }
  [2] = Down = { colour = Blue }
}

The values in an enum can also be used in patterns in a switch statement. For example, to represent a suit of cards it’s possible to represent both suits and face values:

Representing cards as enums
1
2
3
4
5
6
7
8
9
10
11
 32> enum Suit {
 33.  case Clubs, Diamonds, Hearts, Spades
 34. }
 35> enum Rank:Int {
 36.  case Two = 2, Three, Four, Five
 37.  case Six, Seven, Eight, Nine, Ten
 38.  case Jack, Queen, King, Ace
 39. }
 40> enum Card {
 41.  case Face(Rank, Suit)
 42. }

In the same way that values like Card.Face(.Ace,.Spades) can be used to create a card, it can be used to match a card as well:

Switching on enums
1
2
3
4
5
6
7
8
9
10
 43> let card:Card = .Face(.Ace,.Spades)
card: Card = Face {
  Face = { 0 = Ace, 1 = Spades }
}
 44> switch card {
 45.   case .Face(.Ace,_): println("Smoke me a kipper")
 46.   case .Face(_,.Hearts): println("♥")
 47.   default: println("Try again")
 48. }
Smoke me a kipper

The use of enums as pattern matchable objects is very useful for fungible data structures, like structs. However enums aren’t expected to be fully fledged objects; rather, they are useful at representing orthogonal states for a particular system; whether it be a quark or a card.


In next week’s episode, we’ll look at how to do more functional programming in Swift. To subscribe to this series, add the Swift tag feed to your reader.