diff --git a/1_case_studies/3_turtlebot3/Dockerfile b/1_case_studies/3_turtlebot3/Dockerfile index a084db3..63332eb 100644 --- a/1_case_studies/3_turtlebot3/Dockerfile +++ b/1_case_studies/3_turtlebot3/Dockerfile 
@@ -103,57 +103,58 @@ RUN /bin/bash -c ". /opt/ros/$DISTRO/setup.bash \ examples_rclcpp_minimal_client turtlebot3_teleop" -####################### -# Install RTI Connext DDS -####################### -## From archives +# NOTE: uncomment at your own risk +# ####################### +# # Install RTI Connext DDS +# ####################### +# ## From archives +# # +# # # set up environment +# # ENV NDDSHOME /opt/rti.com/rti_connext_dds-6.0.1 +# # WORKDIR $NDDSHOME +# # # ADD https://s3.amazonaws.com/RTI/Bundles/6.1.0/Evaluation/rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run ./ +# # COPY ./rti ./ +# # RUN chmod +x ./rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run +# # RUN yes | ./rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run && \ +# # mv y/*/* ./ && rm -rf y +# # +# # # set RTI DDS environment +# # ENV CONNEXTDDS_DIR $NDDSHOME +# # ENV PATH "$NDDSHOME/bin":$PATH +# # ENV LD_LIBRARY_PATH "$NDDSHOME/lib/x64Linux4gcc7.3.0":$LD_LIBRARY_PATH +# # # set RTI openssl environment +# # ENV PATH "$NDDSHOME/third_party/openssl-1.1.1k/x64Linux4gcc7.3.0/release/bin":$PATH +# # ENV LD_LIBRARY_PATH "$NDDSHOME/third_party/openssl-1.1.1k/x64Linux4gcc7.3.0/release/lib":$LD_LIBRARY_PATH # -# # set up environment -# ENV NDDSHOME /opt/rti.com/rti_connext_dds-6.0.1 -# WORKDIR $NDDSHOME -# # ADD https://s3.amazonaws.com/RTI/Bundles/6.1.0/Evaluation/rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run ./ -# COPY ./rti ./ -# RUN chmod +x ./rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run -# RUN yes | ./rti_connext_dds-6.1.0-lm-x64Linux4gcc7.3.0.run && \ -# mv y/*/* ./ && rm -rf y +# ## From deb files +# # install RTI Connext +# ENV RTI_NC_LICENSE_ACCEPTED yes +# RUN apt-get update && apt-get install -y \ +# ros-$DISTRO-rmw-connext-cpp \ +# && rm -rf /var/lib/apt/lists/* # -# # set RTI DDS environment -# ENV CONNEXTDDS_DIR $NDDSHOME +# # set up environment +# ENV NDDSHOME /opt/rti.com/rti_connext_dds-5.3.1 # ENV PATH "$NDDSHOME/bin":$PATH -# ENV LD_LIBRARY_PATH 
"$NDDSHOME/lib/x64Linux4gcc7.3.0":$LD_LIBRARY_PATH -# # set RTI openssl environment -# ENV PATH "$NDDSHOME/third_party/openssl-1.1.1k/x64Linux4gcc7.3.0/release/bin":$PATH -# ENV LD_LIBRARY_PATH "$NDDSHOME/third_party/openssl-1.1.1k/x64Linux4gcc7.3.0/release/lib":$LD_LIBRARY_PATH - -## From deb files -# install RTI Connext -ENV RTI_NC_LICENSE_ACCEPTED yes -RUN apt-get update && apt-get install -y \ - ros-$DISTRO-rmw-connext-cpp \ - && rm -rf /var/lib/apt/lists/* - -# set up environment -ENV NDDSHOME /opt/rti.com/rti_connext_dds-5.3.1 -ENV PATH "$NDDSHOME/bin":$PATH -ENV LD_LIBRARY_PATH "$NDDSHOME/lib/x64Linux3gcc5.4.0":$LD_LIBRARY_PATH -# ENV LD_LIBRARY_PATH "$NDDSHOME/lib/x64Linux4gcc7.3.0":$LD_LIBRARY_PATH - -# install RTI Security -WORKDIR $NDDSHOME -# ADD https://s3.amazonaws.com/RTI/Bundles/5.3.1/Evaluation/rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz ./ -COPY rti/rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz ./ -RUN tar -xvf rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz -C ./ -# COPY ./rti ./ -RUN rtipkginstall rti_security_plugins-5.3.1-eval-x64Linux3gcc5.4.0.rtipkg && \ - rtipkginstall openssl-1.0.2n-5.3.1-host-x64Linux.rtipkg && \ - tar -xvf openssl-1.0.2n-target-x64Linux3gcc5.4.0.tar.gz -ENV PATH "$NDDSHOME/openssl-1.0.2n/x64Linux3gcc5.4.0/release/bin":$PATH -ENV LD_LIBRARY_PATH "$NDDSHOME/openssl-1.0.2n/x64Linux3gcc5.4.0/release/lib":$LD_LIBRARY_PATH - -# # install RTI QoS +# ENV LD_LIBRARY_PATH "$NDDSHOME/lib/x64Linux3gcc5.4.0":$LD_LIBRARY_PATH +# # ENV LD_LIBRARY_PATH "$NDDSHOME/lib/x64Linux4gcc7.3.0":$LD_LIBRARY_PATH +# +# # install RTI Security # WORKDIR $NDDSHOME -# COPY rti/NDDS_QOS_PROFILES.xml ./ -# ENV NDDS_QOS_PROFILES "$NDDSHOME/NDDS_QOS_PROFILES.xml" +# # ADD https://s3.amazonaws.com/RTI/Bundles/5.3.1/Evaluation/rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz ./ +# COPY rti/rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz ./ +# RUN tar -xvf 
rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz -C ./ +# # COPY ./rti ./ +# RUN rtipkginstall rti_security_plugins-5.3.1-eval-x64Linux3gcc5.4.0.rtipkg && \ +# rtipkginstall openssl-1.0.2n-5.3.1-host-x64Linux.rtipkg && \ +# tar -xvf openssl-1.0.2n-target-x64Linux3gcc5.4.0.tar.gz +# ENV PATH "$NDDSHOME/openssl-1.0.2n/x64Linux3gcc5.4.0/release/bin":$PATH +# ENV LD_LIBRARY_PATH "$NDDSHOME/openssl-1.0.2n/x64Linux3gcc5.4.0/release/lib":$LD_LIBRARY_PATH +# +# # # install RTI QoS +# # WORKDIR $NDDSHOME +# # COPY rti/NDDS_QOS_PROFILES.xml ./ +# # ENV NDDS_QOS_PROFILES "$NDDSHOME/NDDS_QOS_PROFILES.xml" ####################### # Install RTPS dissector diff --git a/1_case_studies/3_turtlebot3/README.md b/1_case_studies/3_turtlebot3/README.md index 2121508..4c96366 100644 --- a/1_case_studies/3_turtlebot3/README.md +++ b/1_case_studies/3_turtlebot3/README.md @@ -7,6 +7,7 @@ Building on top of the previous [ROS 2 case study](../2_ros2), this piece aims t ### Dockerized environment Like in previous cases, when possible, we'll facilitate a Docker-based environment so that you can try things out yourself! Here's this one: +**NOTE**: RTI Connext setup process has been commented so you'll need to go ahead, uncomment that block in the Dockerfile and build at your own risk. ```bash # Build 
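Review bot: The added `# NOTE: uncomment at your own risk` header does not say what the risk is or how to re-enable the block, and the block now mixes two comment depths: the formerly live "From deb files" and "install RTI Security" steps sit at one `# `, while the already-disabled "From archives" and QoS alternatives sit at `# # `. I would replace it with something like `# NOTE: disabled by default; to enable, strip ONE leading "# " from each line below (lines that stay commented are unused alternatives). Installs the Connext 5.3.1 evaluation packages and end-of-life OpenSSL 1.0.2n.` With the block disabled, the README step `RMW_IMPLEMENTATION=rmw_connext_cpp ros2 run demo_nodes_cpp talker` will presumably fail on a default build, since `ros-$DISTRO-rmw-connext-cpp` is no longer installed. When the block is re-enabled, the archive from `COPY rti/rti_connext_dds_secure-5.3.1-eval-x64Linux3gcc5.4.0.tar.gz ./` is extracted and installed with no integrity check, so a `sha256sum -c` against a pinned digest before `tar -xvf` would be worth adding.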
@@ -96,3 +97,14 @@ RMW_IMPLEMENTATION=rmw_connext_cpp ros2 run demo_nodes_cpp talker # split 2 sudo python3 exploits/crash_connext.py 2> /dev/null ``` + +### Credit +Part of this research is the result of a cooperation among various security researchers across groups as reported in [this advisory](https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02). The following individuals took part on it (alphabetical order): + +- [Chizuru Toyama](https://www.linkedin.com/in/chizuru-toyama-0a070427/) +- [Erik Boasson](https://www.linkedin.com/in/erik-boasson-21344912/) +- [Federico Maggi](https://www.linkedin.com/in/phretor) +- [Mars Cheng](https://www.linkedin.com/in/marscheng93/) +- Patrick Kuo +- [Ta-Lun Yen](https://www.linkedin.com/in/evsfy/) +- [VĂ­ctor Mayoral-Vilches](https://www.linkedin.com/in/vmayoral/)