Fred Stluka on 22 Aug 2010 14:59:09 -0700



Re: [PLUG] Setuid programs -- Was Windows security -- Was: X11 server for Windows


Art,
> Fred, thanks for pointing that out. I had never thought uid/gid through. Realized that it allowed regular users to run programs that normally required elevated permissions, but never concluded that that gave the user the other elevated permissions associated with the program.
Yeah, if the setuid bit is set on a file that you run, it sets your
userid temporarily to the owner of the file, then runs the file,
then resets your userid.

This approach has been used by various OS's for decades.  One of the
first reasons I heard for it was things like sending e-mail before
the advent of the Internet.  Mail was sent local to a single machine.
The sender needed the ability to insert a message into the receiver's
mail file, but was not to be allowed to modify the file in any other
way, or even to read it.  The mail program ran with special privileges
so that it could do so, on behalf of the sender.  The mail program
could not (hopefully) be tricked into doing anything else. 

One of my first successful hacks was sending VAX Mail to my boss from
God@Heaven.com with subject line "So long sucker!...".  I did it by
guessing what exactly the mail program did, and what it checked and
didn't check about the "contents" of the mail message I sent.  Took him
about a day to figure out the mail was from me, and about another week
to cajole me into telling him how I did it.  That mail program has
since been made more secure.

Another interesting hack (not mine, alas) was done via VAX Phone
(an early version of Unix "talk", IRC, IM, etc.).  Since it was a
privileged program that wrote your message to someone else's
terminal, it should have checked the text of the "message" more
carefully than it did.  We used it to send commands to our victims
terminals, like "send embarrassing mail to victim's friend from
victim", or "print fake version of victim's resume to a shared
printer from victim's account", or "display a series of messages
that make it look like you are deleting all of the victim's files".
Could have done much more malicious stuff like "delete all of
victim's files", "install a virus on victim's machine", "send rude
e-mail to victim's boss", etc., but of course we didn't.  "Hacking"
in those days was a challenge, a puzzle, an accomplishment, but not
malicious.

Fun times!...

Lesson:  Always validate user inputs thoroughly, especially in a
         setuid program.
--Fred
---------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
---------------------------------------------------------------------
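Fred's description of what the setuid bit does (your effective userid becomes the file's owner for the duration of the run) and his closing lesson about validating input in a setuid program, illustrated with an added example that is not code from this thread or from any PLUG member: the skeleton of a privileged local-delivery helper of the kind he describes for early mail systems. The spool directory, the recipient-name rule and every function name are assumptions made for illustration; the only real calls are the standard Unix ones (open, setgid, setuid, getuid, geteuid).

```c
/* Added example, not code from the PLUG thread: a setuid local-delivery
 * helper skeleton. SPOOL_DIR, the name rule and all function names are
 * assumptions for illustration. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SPOOL_DIR    "/var/spool/mail"  /* assumed mailbox location */
#define MAX_USER_LEN 32

/* The only user-controlled input is the recipient name, so it is checked
 * against an allow-list before any privileged file is touched: a lowercase
 * letter or '_' first, then lowercase letters, digits, '_' or '-'.
 * "..", "/", spaces and shell metacharacters all fail here.
 * Returns 1 if acceptable, 0 otherwise. */
int valid_recipient(const char *name)
{
    if (name == NULL) return 0;
    size_t n = strlen(name);
    if (n == 0 || n > MAX_USER_LEN) return 0;
    if (!(islower((unsigned char)name[0]) || name[0] == '_')) return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Builds SPOOL_DIR/<user> into out. Returns 0 on success, -1 if the name
 * fails validation or the path would be truncated. */
int spool_path(const char *user, char *out, size_t outlen)
{
    if (!valid_recipient(user)) return -1;
    int w = snprintf(out, outlen, "%s/%s", SPOOL_DIR, user);
    if (w < 0 || (size_t)w >= outlen) return -1;
    return 0;
}

/* Opens the recipient's mailbox for append only: no read, no truncate,
 * no O_CREAT (the helper never creates files owned by its effective uid),
 * and O_NOFOLLOW so a symlink planted in the spool is refused.
 * Returns the descriptor, or -1 with errno set. */
int open_mailbox_append(const char *user)
{
    char path[256];
    if (spool_path(user, path, sizeof path) != 0) {
        errno = EINVAL;
        return -1;
    }
    return open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
}

/* True when the setuid bit has given us an effective uid different from
 * the real uid of whoever ran the program. */
int running_setuid(void)
{
    return getuid() != geteuid();
}

/* Gives the borrowed privileges back permanently, gid first and uid
 * second (the reverse order would leave us unable to change the gid).
 * For a root-owned helper, setuid(real) resets real, effective and saved
 * uids; the check afterwards makes sure a failed drop is not ignored.
 * Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s recipient\n", argv[0]);
        return 2;
    }
    /* Validate, perform the single privileged operation, then fall back
     * to the caller's own rights before doing anything else. */
    int fd = open_mailbox_append(argv[1]);
    if (fd < 0) { perror("mailbox"); return 1; }
    if (drop_privileges() != 0) { perror("drop privileges"); return 1; }

    static const char msg[] = "From: sender\nSubject: hello\n\nbody\n\n";
    ssize_t w = write(fd, msg, sizeof msg - 1);
    close(fd);
    return w == (ssize_t)(sizeof msg - 1) ? 0 : 1;
}
```

The shape is the point: the privileged window is one open() call on a path the program itself constructed from validated input, and everything after it runs as the caller. A helper like this would be installed as root-owned with mode 4755; run as an ordinary user without the bit set, running_setuid() reports 0 and drop_privileges() is a no-op that still succeeds.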


Art Alexion wrote:

Fred, thanks for pointing that out. I had never thought uid/gid through. Realized that it allowed regular users to run programs that normally required elevated permissions, but never concluded that that gave the user the other elevated permissions associated with the program.

--
Art Alexion

On Aug 22, 2010 1:26 PM, "Fred Stluka" <fred@bristle.com> wrote:
Art,

I absolutely agree with you overall, but some comments:

> In my experience, Windows' greatest vulnerability is its preference for complexity where simplicity would do a better job. I don't think this is a matter of poor engineering so much as the difficult goal of satisfying both users and marketers.

Yes, I prefer to see simple solutions to simple problems, and
ideally even simple solutions to complex problems.  The last
resort is a complex solution to a complex problem.  Too many
Microsoft solutions are complex solutions to simple problems.
This IS poor engineering.

> In order to make Windows easier to use and to include some whiz-bang features in its application products, MS creates some intentional security holes.

> For example, even though I may not have permissions to a certain directory, an instance of Outlook which I run may have permissions to write to it. Contrast that with Linux, where my processes do not have greater permissions than I have directly.

Good point, but bad example.  It is common practice in Unix/Linux
for you to be able to run a program that has more privileges than
you do directly.  See:
  http://en.wikipedia.org/wiki/Setuid

--Fred
---------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
---------------------------------------------------------------------



Art Alexion wrote:

In my experience, Windows' greatest vulnerability is its preference for complexity where simplicity would do a better job. I don't think this is a matter of poor engineering so much as the difficult goal of satisfying both users and marketers.

In order to make Windows easier to use and to include some whiz-bang features in its application products, MS creates some intentional security holes.

For example, even though I may not have permissions to a certain directory, an instance of Outlook which I run may have permissions to write to it. Contrast that with Linux, where my processes do not have greater permissions than I have directly.

Add to that, the fact that in order to create some of these backdoors, MS engineers had to create a system that was more complex than otherwise necessary, and complex systems tend to be more vulnerable than simpler systems.

--
Art Alexion

On Aug 19, 2010 1:24 PM, "Edmond Rodriguez" <erodrig97.list@gmail.com> wrote:
> On Wed, Aug 18, 2010 at 5:05 PM, JP Vossen <jp@jpsdomain.org> wrote:
>
>> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
>> software required to protect Windows from its own poorly designed and
>> implemented self, while the overhead incidentally flattens Moore's Law.
>
> I am all for Linux and have been using it almost exclusively. I have
> used XP quite a bit.
>
> At a Central meeting once I brought the Windows vulnerability thing up
> and asked what some of the vulnerabilities were. I know there is all
> the buffer overrun stuff that comes up all the time. I sometimes get
> security advisories in email similar to the buffer stuff for Linux
> software. Don't most of the problems come from people trying to trick
> users into running various exe files or installing software?
>
> I ask the question, if Linux were as highly used as Windows, would we
> feel threatened? Would people write software to try and trick us
> (especially a novice user)? Like trying to run some binary file from
> some web dialog box made to look like a system dialog box or other
> trickery to get an exe to run.
>
> One person responded that a major problem with Windows vulnerabilities
> is that many people run as administrator by default. I never thought
> of that before, but it does seem true.
>
> So I guess I am wondering, other than its popularity causing people
> to want to do harm, what are the major vulnerabilities of Windows?
> How much of the vulnerability is because of its popularity (not
> design) as compared to Linux?
>
> Again, I prefer Linux, and its performance and ease, but that is
> another topic.
>
>
> Edmond
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug