Unix for Security Professionals full

Like most operating systems in the last 40 years, Unix uses a hierarchical "tree-structured" filesystem (interestingly, tree-structure and other aspects of the Unix file system are a direct result ofthe original Unix developers being influenced by the Multics project they had been working on).Directories contain files and subdirectories which, may in turn, contain other files andsubdirectories, and so on.
Nội dung trích xuất từ tài liệu:
Unix for Security Professionals full Unix for Security Professionals Security Essentials The SANS Institute Unix Security - SANS ©2001 1All material in this course Copyright © Hal Pomeranz and Deer Run Associates, 2000-2001. Allrights reserved. Hal Pomeranz * Founder/CEO * hal@deer-run.com Deer Run Associates * PO Box 20370 * Oakland, CA 94620-0370 +1 510-339-7740 (voice) * +1 510-339-3941 (fax) http://www.deer-run.com/ 2-1 Agenda • A Brief History of Unix • Booting Unix • The Unix File System • Manipulating Files and Directories • Unix Privileges Unix Security - SANS ©2001 2This page intentionally left blank. 2-2 Agenda (cont.) • Unix Processes • Networking • System Services • Unix Backups • Wrap-up Unix Security - SANS ©2001 3This page intentionally left blank. 2-3 The Unix File System Unix Security - SANS ©2001 4In this section, we look at the Unix file system, starting at the logical layers and working down to thephysical configuration of the Unix file system. Access control and file permissions are discussed andUnix commands for manipulating files are introduced. 2-4 Unix File System Limits • File names can contain any characters except / and null (ASCII 0) • File names cannot be longer than 255 characters • Cant specify directory pathnames longer than 1024 characters Unix Security - SANS ©2001 5Like most operating systems in the last 40 years, Unix uses a hierarchical tree-structured filesystem (interestingly, tree-structure and other aspects of the Unix file system are a direct result ofthe original Unix developers being influenced by the Multics project they had been working on).Directories contain files and subdirectories which, may in turn, contain other files andsubdirectories, and so on. The Unix file system was explicitly designed to be permissive as far asfile and directory names, so any character is allowed in a file or directory name except /(which is used to specify full path names such as /etc/passwd) and null (ASCII 0, which isthe Unix string termination character).File names can be up to 255 characters long (longer than anybody would possibly want to type).Most Unix programs, however, wont accept pathnames longer than 1024 characters. Longerpaths than this may exist on Unix systems, but must be referenced as relative pathnames ratherthan full, explicit pathnames from the root of the file system. One trivial denial of service attackis to write a recursive program which creates a directory, changes directories into the newdirectory, then creates another subdirectory, and continues this process until all file systemresources are exhausted. Clearing up such a mess is fairly tedious due to the 1024 characterpathname limit.Another problem occurs when trying to share files from a Unix system to a machine with a morelimited file name vocabulary (like MS-DOS machines). Some algorithm must be created tomorph Unix file names into locally useful file names. The same problem happens in reverse onMacOS systems which allow / to appear in folder names. 2-5 File Names Containing Spaces % touch foo bar % ls foo bar ps_data % rm foo bar foo: No such file or directory bar: No such file or directory % ls -l total 16 -rw-r--r-- 1 hal deer-run 0 Jun 10 10:56 foo bar -rw-rw-r-- 1 root sys 4476 May 17 15:41 ps_data % rm foo* Unix Security - SANS ©2001 6Another problem with the permissive nature of the Unix file naming scheme is that spaces may beembedded in Unix file names (you see this most frequently on files imported from Windows andMacintosh machines). Unfortunately, the Unix shell interprets space as a separator betweencommand arguments unless the command line is properly quoted.In the first line of our example, we see somebody using the touch command to create a file with aspace in the name (touch is normally used to update the last modified time on a file, but as a side-effect it will create an empty file if no file with the given name exists). A naïve user getting adirectory listing might assume that the directory actually contained three files– two of which werenamed foo and bar. However, attempting to remove these two files (or attempting to removethe file foo bar without proper quoting) yields an error message. A long listing of thedirectory shows that there are in fact only two files here, one of which has an embedded space.At this point, the user has the option of simply issuing an rm command with proper quoting (per thefirst line of the example) or using a wildcard (*) to specify all files beginning with foo. Sincethere are no other files in the directory which match foo*, this is safe to do. 2-6 Did You Say Any Character? % touch foo\^Hbar % ls ...