Modified Source Code

Linux source code is freely available and widely distributed. Skilled hackers have the ability to create their own unique back doors or data capture routines. The hacker may bring compiled modules for the system, if he has executable code for your type of machine, or he might bring his own source code and compile it on your system. This requires that the hacker port the code to your specific version of the UNIX system and that he have access to the compilers on the system. Therefore, when securing a system, the editors and compilers should be removed from the systems which do not need them.

Other UNIX systems, which do not have freely available source code, are still vulnerable to source code attacks, since UNIX system code is highly transportable. However, the hacker must have access to a development environment for the specific type of system. If your system provides this environment, then it is easier to create these back doors. Systems that are not software development systems should not have a developer's environment. Compilers should be removed from nondevelopment systems and access to development systems should be restricted. All your software development should use a source code management package that has strong authentication and logging. Source code is a valuable asset and should be handled with all the controls appropriate for an asset of its value.

^[40] Thompson, Ken, "Reflections on Trusting Trust," Communications of the ACM, v. 27, i. 8, August 1984.

Dynamically Loadable Modules

Dynamically loadable modules are a relatively new addition to the UNIX environment. They allow the system to load the module only when it is needed instead of integrating it into the software program. They are available in both user space, as shared libraries, and in kernel space, as dynamically loadable kernel modules (DLKM).

A shared library is a library of utilities that can be called from any program. Shared libraries differ from archive libraries in that they are not loaded into the executable program at program link time; instead, they are only pointed to from the executable and are executed at run time. Consequently, any modifications to the shared libraries are immediately realized by the programs that use them. So if a hacker replaces a utility in a shared library, all the programs which use that utility will be compromised. Shared libraries should be given more protection than programs since a modified shared library can have a much greater effect than a single modified executable program. The development tools required to modify modules should be only on secured development systems.

Dynamically loadable kernel modules work in the same manner. They are not statically linked into the kernel; rather, they are loaded when the system that uses the module is initiated. The ability to unload and reload these modules provides the ability to update modules without having to shut down the system. It also opens the door for hackers to install kernel level code into the system with little effort and little likelihood of discovery.

Software Developers

Sometimes vulnerabilities in a system will come from software developers ” not that they intentionally create them. Sometimes code is moved into production while it still contains debugging information or developer hooks.

Both these issues can be minimized if greater care is taken in the software development cycle. Regular software design reviews can help isolate design flaws that can lead to security issues. Before moving from development to production, code reviews should be performed to locate any development code that is still in the system.

Source code management is a large endeavor, and it is key, not only to the control of a software project, but also to improving the security of the software.