IBM developerWorks: Improving the security of open UNIX platforms

Sep 29, 2001, 23:30 (1 Talkback[s])
(Other stories by Igor Maximov)

[ Thanks to Kellie for this link. ]

"The open UNIX operating systems FreeBSD and Linux Mandrake both have integrated shell security systems. The FreeBSD program is located in /etc/security. The Mandrake Security Package for Linux can be found in /usr/share/msec . These standard tools are similar in functionality, but they limit the file system integrity control to files with SUID and SGID flags. But Mandrake calculates MD5 file checksums differently from FreeBSD.

Usually a running program gains access to system resources relative to the program user's rights. Setting up SGID and SUID flags changes this so that the access rights are assigned according to a file owner's rights. Thus, a running executable owned by root gets unlimited access to system resources regardless of the program's user. In this case, setting SUID and SGID flags cause inheritance of file owner's rights and group owner's rights respectively. Privileges are then changed (usually extended) only for the run time and only for the program. Other processes launched by the application also inherit its rights. Therefore, SUID and SGID flags should be set with caution and only for those programs that can not launch arbitrary tasks.

Tracing modifications made to new system files with SGID/SUID flags is an extremely difficult task. But with enough experience and caution, system services and settings can be modified without changing standard file attributes (usually an administrator pays attention to the dates a file was created and modified). The following program traces changes made to all the files of a specified directory using an integrity test based on MD5 checksum, which prevents modifications from being masked."

Complete Story

Related Stories:

• BindView Research Report: Vulnerabilities in Operating-System Patch Distribution(Dec 25, 2000)