UNIX System Configuration Problems

A possible security hole is present in Remote Procedure Calls (RPC). RPC allows remote execution of programs (and is essential in networking). When programs are executed with unnecessarily elevated privileges, as is sometimes the case, potential attackers can gain access to the root account. In many Linux distributions, for example, RPC is enabled by default, with services that may be unneeded. These unnecessary services should be removed to minimize this threat.

Finger and ruser can be used by attackers to discover account names and guess passwords. Finger should be disabled if unneeded. Poor passwords are an additional threat to system security. Care should be taken when issuing and allowing passwords, and a policy should be implemented to disallow users from creating weak passwords. As is often reiterated, passwords should not be dictionary words, and should be alphanumeric, or even better, alphanumeric plus punctuation. Additionally, using one password for new accounts should not be practiced.

Buffer overflows are a simple yet very effective attack. When program code uses unbounded arrays, these can be used to insert assembly code (past the end of the array) which will then be executed by the program. Unix and its derivatives have the concept of set-user-id (or suid) programs. When regular users need additional privileges, such as when changing a password, they can use a suid program to do so. This is a potential security threat: a buffer overflow in a suid program can be exploited by an attacker, who thereby gains elevated privileges.

Daemons are of particular concern, since they usually run with root privileges. Any daemon with buffer overflow problems can be exploited to gain unauthorized entry. Some sendmail vulnerabilities are also related to buffer overflows, as well as to pipe attacks. Aside from not running unneeded programs and applying the latest security patches, the only ways to protect a system against buffer overflow attacks are to check the code itself and to keep abreast of any advisories regarding this.
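As an added illustration of the two paragraphs above (example code, not taken from the cited sources), the following C places the unbounded-copy defect beside a bounded copy, and adds the privilege drop a suid program should perform before it touches user-controlled input. BUFSZ, the function names and the default sample argument are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUFSZ 16   /* deliberately small so the bound is easy to see */

/* The defect described in the text: a fixed-size stack array filled by an
 * unbounded copy. An argument of BUFSZ bytes or more runs past the end of
 * buf and overwrites whatever follows it on the stack. Shown for contrast. */
int copy_arg_unsafe(const char *arg)
{
    char buf[BUFSZ];
    strcpy(buf, arg);                     /* no length check at all */
    return (int)strlen(buf);
}

/* Hardened form: measure the input against the buffer before copying and
 * refuse anything that does not fit together with its terminator.
 * Returns the number of bytes copied, or -1 if the input was rejected. */
int copy_arg_safe(const char *arg)
{
    char buf[BUFSZ];
    size_t n = 0;
    while (n < BUFSZ && arg[n] != '\0')   /* never read beyond BUFSZ bytes */
        n++;
    if (n == BUFSZ)                       /* no room left for the NUL */
        return -1;
    memcpy(buf, arg, n + 1);
    return (int)n;
}

/* Least privilege for a suid program: drop the elevated effective ids back to
 * the invoking user's real ids before parsing any input, so a remaining bug
 * runs as that user, not as root. The result of setuid() is re-verified. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (drop_privileges() != 0)
        return 1;
    const char *arg = argc > 1 ? argv[1] : "constructed-input"; /* sample */
    int n = copy_arg_safe(arg);
    printf("%s\n", n < 0 ? "argument too long, rejected" : "copied safely");
    return n < 0;
}
```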

When it comes to web servers, the widely used Apache web server can have known vulnerabilities, especially if it is not patched with the latest security updates. Apache should not be run as root, and unneeded scripting languages should be disabled. Software updates must always be installed as soon as they become available, as these usually fix known vulnerabilities. A computer system's functionality and security are often at odds, and a good compromise must be arrived at.

If, as in the case of many Linux distributions, an operating system runs and is fully functional “out of the box”, chances are that it will have many security holes waiting for attackers to stumble upon. Care must be taken in choosing an operating system and in plugging security holes.
