Introduction to Computer Security

Similar documents
Introduction to Computer Security

Processes are subjects.

Processes are subjects.

Operating system security

CIS 5373 Systems Security

User Commands chmod ( 1 )

Files (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1

5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9

INSE 6130 Operating System Security. Overview of Design Principles

INSE 6130 Operating System Security

Access Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.

IS 2150 / TEL 2810 Information Security and Privacy

CS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms

Data Security and Privacy. Unix Discretionary Access Control

Discretionary Access Control

cs642 /operating system security computer security adam everspaugh

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

Introduction to Security

Permissions and Links

Chapter 5: User Management. Chapter 5 User Management

System Programming. Introduction to Unix

File Properties and Permissions

Introduction to Security

bash startup files Linux/Unix files stty Todd Kelley CST8207 Todd Kelley 1

lsx [ls_options ] [names]

Privileges: who can control what

Operating system security models

Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...

Secure Architecture Principles

CS 392/681 - Computer Security. Module 6 Access Control: Concepts and Mechanisms

Unix, History

PESIT Bangalore South Campus

CSE543 - Introduction to Computer and Network Security. Module: Operating System Security

CIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017

Securing Unix Filesystems - When Good Permissions Go Bad

Internet Security General Unix Security

Secure Architecture Principles

Cyber Security. General Unix Security

Capability and System Hardening

User accounts and authorization

CS246 Spring14 Programming Paradigm Notes on Linux

An Introduction to Unix Power Tools

User Management. René Serral-Gracià Xavier Martorell-Bofill 1. May 26, Universitat Politècnica de Catalunya (UPC)

Project #3: Implementing NIS

UNIX/Linux Auditing. Baccam Consulting, LLC Training Events

Users and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.

Information Security CS 526

Chapter 8: Security under Linux

Welcome to Linux. Lecture 1.1

Secure Architecture Principles

Unix/Linux: History and Philosophy

Secure Architecture Principles

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

Unix Basics. UNIX Introduction. Lecture 14

Chapter 1 - Introduction. September 8, 2016

Datasäkerhet/Data security EDA625 Lect5

Find out where you currently are in the path Change directories to be at the root of your home directory (/home/username) cd ~

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

UNIX Kernel. UNIX History

User Commands find ( 1 )

Answers to Even- Numbered Exercises

System Administration

Lab Authentication, Authorization, and Accounting

CSN09101 Networked Services. Module Leader: Dr Gordon Russell Lecturers: G. Russell

Keys and Passwords. Steven M. Bellovin October 17,

Computer Center, CS, NCTU

Pre-Assessment Answers-1

8. Files and File Systems

? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week

The UNIX File System

MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG

CptS 360 (System Programming) Unit 6: Files and Directories

UNIX Concepts COMPSCI 386

Everything about Linux User- and Filemanagement

Parents and Children

General Access Control Model for DAC

CSE 565 Computer Security Fall 2018

User Commands ls ( 1 )

File Access Control Lists (ACLs)

Sandboxing. (1) Motivation. (2) Sandboxing Approaches. (3) Chroot

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

O/S & Access Control. Aggelos Kiayias - Justin Neumann

The kernel is the low-level software that manages hardware, multitasks programs, etc.

We ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?

UNIX File Hierarchy: Structure and Commands

Protection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger

INTRODUCTION TO LINUX

CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

Unix Internal Assessment-2 solution. Ans:There are two ways of starting a job in the background with the shell s & operator and the nohup command.

Operating systems fundamentals - B10

Introduction to Systems Security

OS Security. Authorization. Radboud University Nijmegen, The Netherlands. Winter 2015/2016

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

User & Group Administration

Perl and R Scripting for Biologists

Software I: Utilities and Internals

The UNIX File System

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

LAB #7 Linux Tutorial

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

Transcription:

Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science

Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability, modular, multi-component system secure design from ground up: implementation of BLP initial development from 1963 to 1969; continued until 1985; last system decommissioned in 2000 UNIX: the opposite of MULTICS initial assembler implementation by Ken Thompson and Dennis Ritchie for PDP-7 and PDP-11 rewritten in C in 1973: the first operating system written in a high-level language continuous evolution of various dialects of UNIX and its routines for almost 40 years

UNIX security architecture

UNIX security architecture None!

Security and UNIX design

Security and UNIX design Security was not a primary design goal of UNIX; dominant goals were modularity, portability and efficiency.

Security and UNIX design Security was not a primary design goal of UNIX; dominant goals were modularity, portability and efficiency. UNIX provides sufficient security mechanisms that have to be properly configured and administered.

Security and UNIX design Security was not a primary design goal of UNIX; dominant goals were modularity, portability and efficiency. UNIX provides sufficient security mechanisms that have to be properly configured and administered. The main security strength of UNIX systems comes from open source implementation which helps improve its code base.

Security and UNIX design Security was not a primary design goal of UNIX; dominant goals were modularity, portability and efficiency. UNIX provides sufficient security mechanisms that have to be properly configured and administered. The main security strength of UNIX systems comes from open source implementation which helps improve its code base. The main security weakness of UNIX systems comes from open source implementation resulting in a less professional code base.

Principals User identifiers (UID) Group identifiers (GID) A UID (GID) is always a 16-bit number A superuser (root) always has UID 0. UID information is stored in /etc/passwd GID information is stored in /etc/group

User account information: /etc/passwd 1 Username: used when user logs in, 1 32 characters long 2 Password: x indicates that encrypted password is stored in /etc/shadow 3 User ID (UID): 0 reserved for root, 1-99 for other predefined accounts, 100-999 for system accounts/groups 4 Group ID (GID): the primary group ID 5 User ID Info: a comment field 6 Home directory: The absolute path to the directory the user will be in when they log in 7 Command/shell: The absolute path of a command or shell (/bin/bash)

/etc/passwd examples root:x:0:0:root:/root:/bin/bash dhcp:x:101:102::/nonexistent:/bin/false syslog:x:102:103::/home/syslog:/bin/false laskov:x:1000:1000:pavel Laskov,,,:/home/laskov:/bin/bash nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

Shadow password file 1 Username: the user name 2 Passwd: the encrypted password 3 Last: days since Jan 1, 1970 that password was last changed 4 May: days before password may be changed 5 Must: days after which password must be changed 6 Warn: days before password is to expire that user is warned 7 Expire: days after password expires that account is disabled 8 Disable: days since Jan 1, 1970 that account is disabled Examples: root:!:14118:0:99999:7::: laskov:$1$/et/grjh$xssvnwpda35twsst7yjvb/:14118:0:99999:7:

Password encryption on UNIX DES prepend password with 2-bit salt take 7 lowest bits from first 8 characters encrypt a fixed 64-bit string with DES using 56 bits as a key convert the resulting 64 bits into 11 ASCII characters using 6 bits for character (2 bits padded with zeros) MD5 originally written for FreeBSD to avoid export restrictions no limit on password size is indicated by the starting $1$ in the shadow file

Group file 1 Groupname: the group name 2 Password: an x indicates that a password is set and if left blank no password has been set 3 GID: the group ID number 4 Members: current members of the group separated by a comma Examples: root:x:0: adm:x:4:laskov laskov:x:1000:

Root privileges Almost no security checks: all access control mechanisms turned off can become an arbitrary user can change system clock Some restrictions remain but can be overcome: cannot write to read-only file system but can remount them as writable cannot decrypt passwords but can reset them Any user name can be root! root:x:0:1:root:/:/bin/sh funnybunny:x:0:101:nice Guy:/home/funnybunny:/bin/sh

Subjects The subjects in UNIX are processes identified by a process ID (PID). New process creation fork: spawns a new child process which is an identical process to the parent except for a new PID vfork: the same as fork except that memory is shared between the two processes exec family: replaces the current process with a new process image Processes are mapped to UIDs (principal-subject mapping) in either of the following ways: real UID is always inherited from the parent process effective UID is either inherited from the parent process or from the owner of the file to be executed

Objects Files, directories, memory devices, I/O devices etc. are uniformly treated as resources subject to access control. All resources are organized in tree-structured hierarchy Each resource in a directory is a pointer to the inode data structure that describes essential resource properties.

Inode Structure mode uid gid atime mtime itime block count ptr file type and access control rights user name group name last access time last modification time last inode change time size of the file in blocks pointers to physical blocks with file contents

Mode field in detail File/resource type - file d directory b block device file c character device file s socket l symbolic link p FIFO Access control rules (permissions) owner rights r, w, e, - group rights r, w, e, - world rights r, w, e, - Examples -rw-r--r-- 1 laskov laskov 10652... 08-unix.tex lrwxrwxrwx 1 root root 15... stdin -> /proc/self/fd/0 crw------- 1 laskov tty 136... /dev/pts/1

Directory permissions read: searching a directory using e.g. ls write: modifying directory contents, creating and deleting files and directories execute: making a directory current and/or opening files in it

Managing permissions Octal encoding of permissions read-only: 100 B 4 read-write: 110 B 6 read-write-execute: 111 B 7 Modifying permissions chmod 777 filename chmod u+rwx,g+rx,o-w filename Changing file owner (root only) chown user:group filename

Default permissions Default permissions are usually 666 for files and 777 for programs. umask command changes default permissions synopsis: umask mask the inverse of mask is added to the current permissions Examples: def. perm. mask inv. mask result 777 022 755 755 777 027 750 750 666 033 744 644 666 077 700 600

Controlled invocation Certain actions, e.g. using system ports (1-1023) or changing a password, require root privileges. We don t want to give users a general root privilege by telling them a root password, but only the right to run selected commands as root.

Controlled invocation Certain actions, e.g. using system ports (1-1023) or changing a password, require root privileges. We don t want to give users a general root privilege by telling them a root password, but only the right to run selected commands as root. Solution: set a special flag indicating that a program can be run under the privilege of its owner rather than that of a calling user.

Controlled invocation Certain actions, e.g. using system ports (1-1023) or changing a password, require root privileges. We don t want to give users a general root privilege by telling them a root password, but only the right to run selected commands as root. Solution: set a special flag indicating that a program can be run under the privilege of its owner rather than that of a calling user. Disadvantage: this right cannot be given to selected users: all users in the world (or in a group) can run a program under its owner s privilege.

SUID, SGID and sticky flags A fourth octal number is added to permissions with the following bit designations: SUID: set UID (allow all users to run a program) SGID: set GID (allow all users in a specific group to run a program) sticky flag: only an owner (or root) can remove files in a directory Use chmod with four octal digits to set the extra flags: chmod 7644 08-unix.tex ls -l 08-unix.tex -rwsr-sr-t 1 laskov laskov 13031... 08-unix.tex

Secure mounting of filesystems By mounting an external file system we cannot guarantee that it is free from malicious programs, e.g. SUID to root programs. As a result, access control setting may need to be redefined for mounted media: Security options to the mount command: -r: read-only mount -o nosuid: turn off SUID flags for all data in a mounted file system -o noexec: no program can be run from a mounted file system -o nodev: no character or block device can be accessed from a mounted file system

Search paths A potential danger lies attacker s diverting of execution of a wrong program with the same name. Rules of conduct: If possible, specify full paths when calling programs, e.g. /bin/sh instead of sh. The same applied to programs to be run locally: use./program instead of program. Make sure. is the first symbol in the PATH variable. This will at least prevent calling a remote version of a program if what you really want is a local invocation.

Security features missing in UNIX ACLs in general (getfacl only gets permissions) Data labeling, e.g. secret, classified etc. Mandatory access control, so that individuals are unable to overrun certain security decisions made by an admin (e.g. chmod 777 $HOME is always possible) Capabilities are supported by only a small subset of UNIX-like operating systems (e.g. Linux with kernel versions above 2.4.19) Standardized auditing

Summary UNIX provides a set of flexible security mechanisms; however, their efficacy relies on careful and knowledgable administration. UNIX does not provide several key features suggested by security models, e.g. no ACLs or security levels. The main security strength lies in its open source implementation; hence, security flaws are discovered and fixed early.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback