Exploiting Permission Vulnerabilities


File permissions are a common security problem on most systems. File permissions, even though a simple concept, are often misunderstood. The security of a file is based on both its permissions and the permissions of its parent directory. There are also variations in the implementation of special permission bits and in the implementation of access control lists.

  • Discretionary access controls, DAC, are those access controls by which the information owner has control over who gets access to the files he owns. DACs are usually implemented with permission bits which define the levels of access or an access control list, ACL, which specifically details what users have which permissions. The owner of a file is usually the person who creates the file. However, ownership may be assigned to an information curator and not the creator.

  • Mandatory access controls, MAC, are those access controls that are controlled by the system. They are either built into or configured into the system. Mandatory access control is a method by which the system administrator defines a series of access rules that must be met to allow access to the file. These controls are usually in addition to discretionary access control. Traditionally, mandatory access controls are not seen outside the military and government. However, today many businesses are looking at these controls, especially as businesses venture into the area of highly interconnected networks, such as the Internet.

Here are some common permission problems that cause security issues.

Default Permissions

The built-in shell command umask sets the file mode creation mask. When a file is created, each bit that is set in the mask clears the corresponding permission bit in the new file's mode. Each invocation of a shell has its own umask value, which the user can set.

Generally, there is a system umask that is set in one of the start-up scripts. This mask is the default unless the user has invoked the command directly or has it in a personal start-up script. It is advisable to set the global umask value to as strict a value as possible. A value of 037 will allow the owner to read and write the file while the group will have read permissions and all others will have no permissions. The actual value you set should depend on your data security policy.

Directories

Inappropriate permissions on directories will not only compromise the information in that directory, but also all the information in all the subdirectories below this directory. Once a hacker has access to a directory he can subvert any subdirectory by creating a new subdirectory and copying all of the old directory into the new directory, replacing the files he wants, then removing the old directory and replacing it with the new directory.

Directory permissions are very important since one mistake can compromise dozens or even hundreds of files. The higher in the directory tree, the more compounded the problem. When additional physical disk drives are added to a system, they are mounted on a directory. This directory is referred to as a mount point. Special attention should be paid to these directories; these are often under-secured. Also check the root directory; if it is compromised, the whole system is at risk.

When the sticky bit is set on a directory, it prevents any regular user from deleting any file in the directory which he or she does not own even if the permissions of the directory would allow it. This feature can add an additional level of security to public directories, such as /tmp .

Home Directories

Your home directory is the directory you are assigned when you log in. This directory has your personal start-up files and configuration files for the programs you run. It is also the location that is generally used for any work in process. Users' home directories are some of the most important directories and need to be properly secured.

Any user's home directory that has permissions that will allow a hacker to write into it will allow him to alter the user's start-up files. With this capability, he can alter program start-up scripts and configuration files that will allow him to masquerade as that user or gain that user's privileges.

It is very important to monitor the permissions of both the users' home directories and the configuration files in those home directories. Users' home directories should be owned by the user and should not be writable by anyone else. The configuration files in the home directory should not be writable or readable by anyone other than their owner. The only exception to this is when the account is a restricted account, which means that the user is not allowed to change his environment. Generally, these are user accounts that are defined to have a very limited scope of abilities, such as "ftp" and "tftp" accounts.
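Added example (not from the book) turning the directory rules above and the home-directory rules into three find-based checks: world-writable directories missing the sticky bit, home directories writable by anyone but the owner, and dotfiles in a home directory that others can read or write. It assumes GNU or BSD find (for -mindepth/-maxdepth) and that home directories sit one level below the base directory passed in (default /home).

```shell
# Added example (not from the book): find-based checks for the directory
# and home-directory rules. Assumes GNU or BSD find (-mindepth/-maxdepth)
# and home directories one level below the base directory (default /home).

# World-writable directories that lack the sticky bit: any user can
# delete or replace another user's files there. /tmp with mode 1777
# is fine; a plain 0777 directory is reported.
unsticky_world_writable_dirs() {
    find "${1:-/}" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Home directories writable by group or others: a writer there can
# plant or alter the owner's start-up files.
writable_home_dirs() {
    find "${1:-/home}" -mindepth 1 -maxdepth 1 -type d \
         \( -perm -020 -o -perm -002 \) 2>/dev/null
}

# Dotfiles (and dot-directories) directly inside a home directory that
# any group member or other user can read or write.
exposed_dotfiles() {
    find "${1:-/home}" -mindepth 2 -maxdepth 2 -name '.*' \
         \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
         2>/dev/null
}
```

Run the checks as root so find can traverse every directory; each function prints one offending path per line, so an empty result is the desired state.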

Device Files

Any device file that is insufficiently protected will allow a hacker to gain access to the information on that device. If it is a terminal, he can monitor keystrokes or plant a spoof. If it is a backup device, he may be able to read and rewrite backup tapes and may well be able to modify the information on the backup. If he can read the disk device, any file on that disk can be read. With write access to the memory device file, the hacker can change anything that is in the system's memory, including his own privileges.

Device file permissions are the most important of all file permissions, since access to one device file gives you access to all the information on that device and possibly control of the entire system.

Device files should be limited to the /dev directory. The following command will find device files which are not in the /dev directory.

find / \( -type b -o -type c \) -print 2>/dev/null | grep -v '^/dev/'

Symbolic and Hard Links

Links are a method of giving the same file more than one name that can be in different directories. Hard links are created by having multiple directory entries that point at the same file and thus the permissions and the ownership are reflected the same in each entry. However, a symbolic link is just a file that points to another file by name. There is no other association between these files, so a file and a symbolic link may have different owners and permissions. Symbolic links can also be used to point to directories.

Links are not inherently a problem; however, since a symbolic link can point to a directory, a misplaced chmod -R (due to its recursive nature) can change the permissions on the files in the subdirectories pointed to by that symbolic link which can be anywhere in the file system. The following command will find all symbolic links on a system:

 find / -type l -print 2>/dev/null 
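Added example (not from the book): before a recursive chmod on a tree, it lists the symbolic links under that tree which point at directories outside it, plus any dangling links, so you know what a recursive change could reach (GNU chmod ignores symlinks met during recursion, but other implementations and other recursive tools may follow them). It assumes POSIX sh and find, and that link names contain no newlines.

```shell
# Added example (not from the book): list symbolic links inside TREE
# that point at directories outside it, and dangling links. Assumes
# POSIX sh and find; paths are resolved with cd -P so that symlinked
# parent directories are normalised as well.

# symlink_check TREE: prints "escapes: LINK" for each link whose target
# directory lies outside TREE and "dangling: LINK" for links whose
# target does not exist. Links that stay inside TREE print nothing.
symlink_check() {
    tree=$(cd -P "$1" && pwd -P) || return 1
    find "$1" -type l 2>/dev/null | while IFS= read -r link; do
        if [ ! -e "$link" ]; then
            printf 'dangling: %s\n' "$link"
        elif [ -d "$link" ]; then
            # -d followed the link; resolve the real directory it names
            target=$(cd -P "$link" && pwd -P)
            case "$target" in
                "$tree"|"$tree"/*) ;;                 # stays inside TREE
                *) printf 'escapes: %s\n' "$link" ;;
            esac
        fi
    done
}
```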

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
Year: 2002
Pages: 210