Program Authorizations


Some programs need to have permissions regardless of the permissions that the user running the program may have. Setting authorizations on programs gives those authorizations to the program. Program authorizations can also be used to isolate a system from other systems and minimize the requirements on user privileges.

Set-User-ID and Set-Group-ID

Set-User-ID (SetUID) is a permission on a program that sets the effective user ID to a specific user instead of the actual user who is running the program. It is often used to grant privileges to a program so that anyone can run it and it still has the permissions and ownership rights it needs to perform its function. Set-Group-ID (SetGID) is very similar to SetUID, except that it sets the effective group ID.

The set-user-on-exec (setUID) and set-group-on-exec (setGID) permissions on a program file give a user the privileges of the specified user or group for the execution of that program. This allows a user to get access to resources only under the control of the specific program. The IDs the program runs with are referred to as the effective user ID and effective group ID.

You will want to inventory all of the setUID and setGID files on your system. This process should be run regularly, and any changes to the list should be investigated. You can inventory the setUID and setGID files with the following commands:

 find / -perm -4000 -print
 find / -perm -2000 -print
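
One way to run this inventory regularly and surface only what changed since the last run, as an added example that is not from the book. It assumes GNU find (for -printf); the function names suid_inventory, suid_changes and suid_demo are hypothetical, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the book): inventory setUID/setGID files and
# report what changed since a saved baseline. Assumes GNU find (-printf).

# Print "mode owner group path" for each setUID or setGID regular file
# under directory $1, without crossing into other mounted file systems.
suid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %g %p\n' 2>/dev/null | LC_ALL=C sort
}

# Compare baseline file $1 with current inventory file $2.
# A changed mode or owner shows up as a GONE line plus a NEW line.
# Exit status 0 means at least one difference was printed.
suid_changes() {
    {
        LC_ALL=C comm -13 "$1" "$2" | sed 's/^/NEW  /'
        LC_ALL=C comm -23 "$1" "$2" | sed 's/^/GONE /'
    } | grep .
}

# Demo on a constructed tree built in a temporary directory.
suid_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/root"
    : > "$d/root/plain"; : > "$d/root/helper"; : > "$d/root/late"
    chmod 0755 "$d/root/plain"
    chmod 4755 "$d/root/helper"
    suid_inventory "$d/root" > "$d/baseline"
    chmod 4711 "$d/root/helper"     # mode changed after the baseline
    chmod 4755 "$d/root/late"       # a new setUID file appears
    suid_inventory "$d/root" > "$d/current"
    suid_changes "$d/baseline" "$d/current" | sed "s|$d/root|<root>|"
    rm -rf "$d"
}
suid_demo
```

Because suid_changes exits 0 only when it printed a difference, a scheduled job can use it directly as the condition for raising an alert.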

If the system allows a user to change the group or ownership of a file, a hacker may be able to set a file as setUID or setGID and then change the group or owner of the file. The commands that change the owner and group may not reset the SUID or SGID permission bit, which would leave you with a SUID or SGID program. To test this, create the following file, called uid_test.c:

 #include <stdlib.h>

 /* Start a shell; used only to check whether the setUID/setGID bits survive the tests below. */
 int main(void)
 {
     return system("/bin/sh");
 }

Compile the program with the command

 cc uid_test.c -o uid_test 

Now that you have an executable file uid_test, you can change its setUID and setGID bits, its ownership, and its group. If any of the ls -l commands shows that the program is either setUID or setGID, then this is a security issue.

 chmod 2111 uid_test
 chgrp root uid_test
 ls -l uid_test
 chmod 2111 uid_test
 ls -l uid_test
 chmod 4111 uid_test
 chown root uid_test
 ls -l uid_test

If the problem exists on your system, contact your vendor. You may want to limit access to the change owner (chown) and change group (chgrp) commands. The change owner command can also be used to give the ownership of a file to another user so that your accounting and bill-back system will charge that other person for the space consumed by the file.

On many systems, the UUCP command uudecode will create files with setUID or setGID permissions. This command, in conjunction with uuencode, is used to convert binary files to ASCII text files and back so that they can be transmitted over the UUCP network. The following code illustrates the UUCP header, which contains permission information:

 begin 4777 filename 

A hacker may also be able to introduce setUID and setGID programs if he has mount capabilities by having the system mount a file system that contains a setUID or setGID file. On some systems, users are granted mount capabilities because they need to mount floppies or CD-ROMs. These capabilities can be granted through specific commands that mount the floppy or ROM. Investigate this because, if these are not standard commands, they may have flaws.

Mounting file systems should be done only by system managers. All file systems should be mounted with the no setUID flag set, so that any setUID or setGID file on that file system will be disabled.

If a hacker is able to have files restored onto the system, he may be able to have them restored into different directories or with different permissions than they were stored with. He may also be able to have files restored from a tape that was created on another system. This method will allow him to introduce any programs with any permissions and ownerships he desires.

Your data handling policy must address the issues of authentication and permissions for the backup and restoration of data, especially with tapes that are removed off-site or brought on-site.

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
