Next: Users and Groups
Up: Secure Programming
Previous: Secure Programming
The following sections briefly cover some of the many different types of programs that can be exploited.
- Setuid Programs;
- The UNIX security model relies heavily on providing access to privileged services through trusted programs that are run by ordinary users but execute with all the privileges
of a more powerful user.
- The files storing these executables have the setuid or setgid
bits set, which gives the program all the privileges of the file owner (often root).
- The untrusted user, however, has control of the arguments, data files, and environment variables used by the program. The user can control the path used by the program to search for other programs it may execute or for shared libraries it may rely on (fortunately
many systems, including Linux, will override the shared library path for setuid programs).
- The user can control when the program runs and when it is prematurely terminated.
- Network Servers (Daemons);
- A cracker can easily launch a series of attacks against a server until one of them succeeds.
- The attacker has full control of the data sent to the server and when it is sent. The attacker can cause signals to be sent over a tcp stream.
- Network Clients;
- Although clients are not as easy to attack as servers (because they establish connections at their convenience and not the attacker's), they tend to be very vulnerable.
- Many clients are very large and complicated programs, and much less attention has been given to security than for a typical server.
- Web browsers often permit the server to execute code on the client machine (Java, JavaScript, ActiveX, and so on).
- Mail User Agents;
- Mail User Agents (MUAs) can be targeted directly, particularly with buffer overflow type exploits. And attachments to messages may contain hostile programs or documents that contain macro viruses.
- CGI Programs;
- CGI programs are invoked by the Web server at the request of an HTTP client to handle certain queries, form submissions, or even dynamic generation of entire Web sites.
- They have most of the vulnerabilities that would be associated with a server. Further, CGI programs are often written in very insecure scripting languages.
- Utilities;
- General utility programs that are not setuid are often thought of as not having security implications. Unfortunately, they may be used in contexts where that is not the case.
- Most UNIX compatible systems used to run the find utility periodically to locate old temporary files and core files and delete them. When find executes another program with the files it has located, it passes the command, including a filename, to the shell
blindly.
- Special characters in a filename would be interpreted by the shell, resulting in the ability to execute arbitrary commands.
- Other programs that are driven by the names of existing files and invoke other programs may have similar vulnerabilities unless precautions are taken.
- Consider what happens when you unpack a tar archive containing a few extra files with names like /etc/passwd or /etc/rhosts. Buffer overflows are theoretically possible in the filename or other header fields.
- Simple utilities, such as fgrep, cut, head, and tail, might be called from a CGI program. If these programs were vulnerable to buffer overflows as a result of input patterns, a system using them would be vulnerable to compromise.
- Applications;
- Applications such as word processors and spreadsheets are vulnerable as well. The simple fact of the matter is that people will receive data files from untrustworthy sources.
- Many of these have macro capabilities and the ability to have a macro automatically execute when a file is loaded; thus the popular "macro virus" was born.
- Even worse, some systems have mail and Web browsers configured to automatically open the application whenever a data file of that type is received. Far more subtle exploits are possible using
buffer overflows, for example.
Next: Users and Groups
Up: Secure Programming
Previous: Secure Programming
Cem Ozdogan
2007-05-07