CMS Airship: Free secure content management

CMS Airship is a free content management system designed and maintained by a team of PHP security experts at Paragon Initiative Enterprises.

The web interface for managing your HTTP Public Key Pinning headers

CMS Airship has all three properties needed for a secure code delivery system:

• Reproducible builds
• Userbase consistency verification
• Cryptographic signatures.

“Reproducible builds ensure that if you execute the same build commands from the same source code, you get the same deliverable. This is a ‘nothing up my sleeves’ security property: if the code is open source and independently verifiable, and if the same deliverable is produced from the code, the software you install is therefore also verifiable,” Robyn D. Terjesen, CEO of Paragon Initiative Enterprises, told Help Net Security.

“Userbase consistency verification is both a mitigation and deterrent for sophisticated attackers looking to perform silent, targeted attacks. This is a ‘herd immunity’ security property: if you can cryptographically verify that every CMS Airship in the world sees the same packages and public keys for each package supplier, it becomes infeasible to infect one host without either infecting all other hosts or alerting the entire world to the existence of the attack. Cryptographic signatures provide a proof of software authenticity, so long as the supplier can maintain the confidentiality and accessibility of their signing key. Most software projects with security-savvy team members offer at least this much,” explained Terjesen.

CMS Airship is powered by the Sodium cryptography library, accessed through Halite, an easy-to-use libsodium wrapper, which was open sourced last year. For a detailed write-up of the cryptography involved in CMS Airship go here.

Minimum requirements for running CMS Airship include:

• PHP 7.0 or newer
• PECL Libsodium 1.0.6 or newer
• Libsodium 1.0.10 or newer.

CMS Airship extensions

CMS Airship extensions come in three flavors:

1. Cabins are self-contained applications. Cabins can have their own Gadgets and Motifs developed specifically for them. Universal Gadgets and Motifs can also be applied. For example, if you wanted to build a shopping cart in Airship, you would most likely want to develop a Cabin rather than extend the functionality of one of the existing Cabins (Bridge and Hull).

2. Gadgets are intended to affect the behavior of an existing Cabin (or all Cabins). From within a Gadget, you can extend the functionality of core framework features (via the Gears API the company provides), add new Landings to an existing Cabin, and much more.

3. Motifs are intended to affect the appearance of an existing Cabin (or all Cabins). A Motif can override the base template or define new CSS and JavaScript files.

Menu for managing the configuration for a specific Cabin

Development challenges and future plans

​The biggest challenge the developers faced was ensuring secure code delivery not only for CMS Airship updates, but for any community-developed extensions as well. The second biggest challenge was reconciling a system that automatically updates itself with developers’ desires to customize their software. Their solution was the Gears system.

“The Gears system exploits a property of object oriented languages called class inheritance,” says Terjesen, and explains: “Let’s say we write a bit of code to display a blog post author’s biography, and you wanted to build a ‘contact this author’ form into their biography page through which users can send them an email. Instead of editing the core files and risk having your changes obliterated when we release a new CMS Airship patch, just create your own package, extend the existing class with your custom features, then tell the Gears API to upgrade the old class with your modification. Airship will recognize your changes and use your extended functionality.”

When it comes to the future, Terjesen tells us they have a few ideas on paper, such as administrator-approved additions to the Content-Security-Policy header on a per-page basis, and a GUI for developing CMS Airship extensions as an alternative to the command line utility. In any case, most of the development direction will be driven based on security necessity and the needs of the community that forms around CMS Airship.