Linux Security

Authors:-

• Advanced Linux Programmingby Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLCpublished by New Riders PublishingFirst Edition, June 2001

Abstract• Much of the power of a linux system comes from its

support for multiple users and for networking. Many people can use the system at once, and they can connect to the system from remote locations. Unfortunately, with this power comes risk, especially for systems connected to the Internet

The Linux kernel provides a variety of facilities to ensure that these events do not take place.

Users and Groups• Each Linux user is assigned a unique number, called a user ID,

or UID.– We can control access to a file or other resource by

associating it with a particular user ID. Then only the user corresponding to that user ID can access the resource.

• Each group is assigned a unique number, called a group ID, or GID.– Every group contains one or more user IDs.– A single user ID can be a member of lots of groups, but

groups can’t contain other groups, they can contain only users.

Example:

$ id uid=501(jigi) gid=501(jigi) groups=501(jigi),503(tycs)

User ID Group ID

Super User

• One user account is very special. This user has user ID 0 and usually has the username root. It is also sometimes referred to as the superuser account.

Process User IDs and Process Group IDs

• Every process has an associated user ID and group ID

• The process group id and user id are always going to be represented as Integer value.

File System Permission

• Current file systems have methods of assigning permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the file systems.

Basic ideas for file system permission

The Three task which is mostly performed are :

Reading WritingExecuting

This task can be performed by USERS , GROUP , OTHERS.

Structure

- rwx rw- r--

File type “-” indicates a regular file and “d” indicates directory file

Read , write and execute permission for owner of the file

Read and write permission for the owning group and not the execute permission

Only read permission for the others

Security Hole : Programs Without Execute Permissions

• A user who execute the program without the permission are the Malicious user.

• Malicious user makes a copy of the program , change the permission and then execute the copy of program.

• Method to overcome are :– Restrict the copying of the program

Sticky Bits

• This bit is applicable only for Directories.• A directory that has the sticky bit set allows

you to delete a file only if you are the owner of the file.

• Hence it is also known as Magic bit

Real and Effective Ids

There are two user and group ids :– real user id– real group id– effective user id– effective group id

(everything that’s true about user IDs is also true about group IDs)

Effective User IDs

• Effective IDs are most common id which is used by the kernel.

• The Kernel always check for the Effective user id.

• For example, if a process tries to open a file, the kernel checks the effective user ID when deciding whether to let the process access the file.

Real User IDs

• The real user id is required for changing the effective user id of an already running process, here the kernel checks for the real user id and the effective user id.

Rules for exchanging the IDs• The function used to change the user IDs for a

process is setreuid.• The kernel will let a process running with an effective

user ID of 0(root) change its user IDs as it sees fit.• A process whose effective user ID is 0 can do

absolutely anything it pleases. Any other process however can do only one of the following things:– Set its effective user ID to be the same as its real user ID– Set its real user ID to be the same as its effective user ID– Swap the two user IDs

Setuid Programs• How to become a root user if you are a non-root user ??

– $ whoami Mitchell– $ su Password…..– $ whoami Root

Authenticating Users

• Authentication is any process by which a system verifies the identity of a User who wishes to access it. Since Access Control is normally based on the identity of the User who requests access to a resource, Authentication is essential to effective Security.

• There is a way given out by Linux to overcome this problem through programs and that is Pluggable Authentication Module.

More Security Holes

• A security hole is a defect in a computer program that allows unauthorized users to gain access to a system or network and to interfere with its operation.

Buffer Overruns

• A buffer, in terms of a program in execution, can be thought of as a region of computer’s main memory that has certain boundaries in context with the program variable that references this memory.

Types of deamon

• Sendmail

• Finger

• Talk

Race Condition

An execution ordering of concurrent flows that results in undesired behavior is called race condition (a software defect and frequent source of vulnerability)

Race Condition Properties

There are three properties that are necessary for arace condition to exist:1. Concurrency Property: There must be at least twocontrol flows executing concurrently.2. Shared Object Property: A shared race object must be

accessed by both of the concurrent flows.3. Change State Property: At least one of the controlflows must alter the state of the race object.

Conclusion

• Designing and implementing a truly secure program is actually a difficult task on Unix-like systems such as Linux and Unix. Here are some of the key guidelines:

• Avoid buffer overflow: Make sure that long inputs (and long intermediate data values) can't be used to take over your program. This is the primary programmatic error at this time.

• Structure program internals: Secure the interface, minimize privileges, make the initial configuration and defaults safe, and fail safe. Avoid race conditions (e.g., by safely opening any files in a shared directory like /tmp). Trust only trustworthy channels (e.g., most servers must not trust their clients for security checks or other sensitive data such as an item's price in a purchase).

• Carefully call out to other resources: Limit their values to valid values and check all system call return values.

References:• http://www.advancedlinuxprogramming.com/alp-folder/alp-c

h10-security.pdf• http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/

conclusion.html

Thank You

Presented By:- Jigisha Baria (4) Shruti Chaudhari (7) Heena Choudhary(9) Renu Patel (19)