[Page 591 (continued)]14.12. Security Issues Security is another topic to which one might devote an entire book. As you are no doubt aware, Linux systems are not 100% secure. No computer connected to any network can be. With the explosion of Internet connectivity, the problems have grown as well. UNIX was not originally designed with security in mind. The original UNIX environments were places where everyone trusted each other and there was no need. Linux improves on many of these problems, but it is still far from bulletproof. While there are many aspects to Linux security, the ones with which every user has experience are passwords and file permissions. These mechanisms are tough for a regular user to break but not so hard for experienced hackers. The best that a system administrator can do is to read about as many of the known security loopholes as possible and adopt strategies to stop them. To give you an idea of what you're up against, here are a couple of common password-nabbing techniques: If you have a regular account and desire a super-user account, you begin by obtaining a copy of the one-way encryption algorithm that is used by the Linux passwd utility. You also buy an electronic dictionary. Next, you copy the "/etc/passwd" file to your home PC and compare the encrypted versions of every word in the dictionary against the encrypted root password. If one of the dictionary entries matches, you've cracked the password! Other common passwords to test for include names of friends, pets, places, anything that is a known favorite of the person whose account you're trying to crack. This brute-force technique is very powerful, and may be defended against by asking everyone to pick non-English, nonobvious, nontrivial passwords.
[Page 592]A scheming user can use the command-superseding technique described on page 203 to trick a super-user into executing the wrong version of su. To use this Trojan horse technique, set $PATH so that the shell looks in your own "bin" directory before the standard "bin" directories. Next, write a shell script called su that pretends to offer a super-user login, but really stores the super-user password in a safe place, displays "wrong password", and then erases itself. When this script is prepared, call a super-user and tell him/her that there's a nasty problem with your terminal that requires super-user powers to fix. When the administrator types su to enter super-user mode, your su script executes instead of the standard su utility, and the super-user password is captured. The super-user sees the "wrong password" message and tries su again. This time, it succeeds, as your Trojan horse script has already erased itself. The super-user password is now yours! The way to defeat this technique is never to execute commands using a relative pathname when you're at an unfamiliar terminal. In other words, execute "/bin/su" instead of just "su".
The best ways to improve your knowledge of cunning schemes are to network with other system administrators and to read specialized system administration and security books such as [Nemeth, 2002] and [Toxen, 2003]. |
