Unix Security Issues
-
Upload
beau-cherry -
Category
Documents
-
view
38 -
download
4
description
Transcript of Unix Security Issues
![Page 1: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/1.jpg)
Unix Security Issues
• Process Creation/Space
• Users and Groups
• File Permissions
• Relationship of Program and File Security
![Page 2: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/2.jpg)
Process Concepts
How they are created
and
managed
![Page 3: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/3.jpg)
Programs & Processes• Program : an executable
• Process(task) : an instance of a program. There can be many!
• Multi-tasking os : simultaneous execution of many tasks.– Some preemptive(process gives up CPU cyclically)
– Others non-preemptive (process doesn’t give up CPU).
• Examples : – In unix when you are running x-terminal windows, you can start a
program in one window and go to work on another application in another window. Preemptive because all processes appear busy.
– In windows, when an application goes off to do a job, it will not return control to the keyboard (process messages) until the job finishes UNLESS the app is programmed to spawn threads. App must do it explicitly in windows.
![Page 4: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/4.jpg)
Processes and IDs
• Processes have id numbers assigned by unix
• These numbers are for the purpose of communicating between processes, “kill”ing processes etc.
• These numbers are reused by the O.S. as new process numbers are required.
• These numbers (group and process) have NOTHING to do with user ids.
![Page 5: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/5.jpg)
Process IDs
• Numbers 0..30000– 0 swapper/scheduler– 1 init– 2 pagedaemon
• Assigned by the kernel (not a process)
• ID, ParentID, GroupID for each process.
• Other ids associated with permissions.
![Page 6: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/6.jpg)
Process CreationKernel
swapper PID0
pagedaemon PID2
init PID1
ChildChild
Child Child
ParentParent
Parent
![Page 7: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/7.jpg)
Creation of Child Processes• Created with fork()
• Child has own process id. Different from parent.
• getpid() returns your own process id• getppid() returns parent’s process id
• Parent can not find child processes as easily• fork() returns child PID to parent
• if parent dies, init process becomes parent
![Page 8: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/8.jpg)
Signals
• Communicate between processes– process to process– kernel to process
• Signals are simple integer messages
• Process can define its own handler
• Process can choose to ignore a Signal
![Page 9: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/9.jpg)
Controlling Signal handling
• signal ( signame, your function to handle)
or
• signal(signame, SIG_IGN);
to ignore the signal altogether
• returns a function result which is the OLD handler.
• save the old handler and restore when done.
![Page 10: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/10.jpg)
Critical Regions
can’t be interrupted in between statements
datebase updating and inserting into lists
int oldmask;
oldmask = sigblock(mask of signals to block);
/* critical region */
sigsetmask(oldmask);
![Page 11: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/11.jpg)
kill( pid, sig#)
• Does NOT kill.
• Sends a signal to a process.
• pid special values (examples)– 0 all in sending process group– -1 all processes whose real id = effective
user of the sending process.
AND OTHERS
![Page 12: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/12.jpg)
Process Groups
• Processes are a member of a process group
• Process group is a process and all siblings
• Process group number is that of oldest (highest) PID
• New numbering (re)set by setgpid()• Group id found by getpgid()• Groups for the purpose of signalling all group
members
![Page 13: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/13.jpg)
Users and Groups
Determining what you can access
![Page 14: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/14.jpg)
Users
• Users are defined by two steps– making an entry in the password file– setting up a directory for the user file space
jsmith:4r556$5t$:3032:120:John Smith:/home/jsmith:/bin/csh
user
encrypted password
userid
groupid
real name
home account
shell
![Page 15: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/15.jpg)
Passwords• Passwords are stored encrypted
• Encryption process is not reversible– can’t determine password from encryption– at least not very easily– sys admin can’t tell you, must reset if lost
• When user logs in password is put through a standard encryption routine and result is compared with password file
• file is typically /etc/password– exhaustive search used to crack
![Page 16: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/16.jpg)
Shadow Password
• stores passwords other than in /etc/passwd
• /etc/passwd still has general read permissions to associate owners w/ids etc
• stores actual encrypted password in a file only readable by root
• allows for password aging requiring users to change passwords within a predetermined time frame
![Page 17: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/17.jpg)
Groups
• Groups are a mechanism to share files
• Users are in a single group by default– /etc/passwd
• Users can be members of many groups
• Owners can change the group designation of a file
• A file can only be in ONE group
• Groups (as users) are administered by root
![Page 18: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/18.jpg)
File Ownership
![Page 19: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/19.jpg)
Files and Ownership• Access to files allows for degrees of use
• Three categories of ownership– owner– group– world
• Access is defined by the UNION of these three permission sets depending on the user.
• Each file is owned by ONE user and participates in ONE group– more on users and groups later
![Page 20: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/20.jpg)
File Permissions : example
owner group world
r w x r w x r w x
11 1111 0 0 0
4+2+1=7 4+2+0=6 0+0+1=1
= 761
-rwx rw- --x root other 34342 Jan 14 1999 thisfile
owner group size filename
![Page 21: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/21.jpg)
Directories
• r means the directory can be read/displayed
• w means files can be created/deleted
• x means you can traverse the directory– if not set the directory can be part of a path
name but not examined directly
• All users have world permissions
• Users can get additional permissions by owing or being part of the assigned group
![Page 22: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/22.jpg)
umask
• system has a default
• users can set their own default
• shows permissions NOT allowed
• e.g. umask = 0 1 1– file would be created 766
![Page 23: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/23.jpg)
Processes and Users
How do they relate?
![Page 24: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/24.jpg)
Processes and Users
• When a process is run, it runs with permissions of the user who launches
• It can create files if the person who runs it can (not the owner of the process)
• The program can be written to use setuid to change the userid of the person running the program to someone else as indicated previously.
![Page 25: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/25.jpg)
Real & Effective User/Group ID
• real user and group id from /etc/passwd
• effective initialized as same but can be changed
• real user/group is who is actually running
• effective is for determining permission– owner of the file, not the user running it
• Why would you want them to be different?
• non-privileged users accessing privlg. info
![Page 26: Unix Security Issues](https://reader036.fdocuments.us/reader036/viewer/2022062408/568130e1550346895d96f366/html5/thumbnails/26.jpg)
How does this suid work?• -rwsr-xr-x …. root …. passwd• program owned by root but run by someone
else
• program runs as though owned by root
• root wrote the program so allow root to do what it wants on your behalf (change your password)
• chmod +s• routine in program can now make suid call