Protection Bit Settings

Copyright(c) Management Analytics, 1995 - All Rights Reserved

Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved

Problem:

In UNIX, there are so many protection bits that it is inevitable that many of them will be set to potentially hazardous values. The most common problem comes when a file is created and the operating system assigns initial protection bits. These bits are masked by the current UMASK, which can be set by any program you run, and which often defaults to a value that grants other users inappropriate access. The threat from a wrong protection bit comes in a number of ways.

If READ is granted when it should not be, it can be used to leak private information. If READ is not granted when it should be, it can cause denial of services because inaccessible information may be required in order to perform a service.

If WRITE is granted when it should not be, it allows another user to arbitrarily change files. This makes introducing a Trojan horse or corrupting data very simple. If WRITE is not granted when it should be, it can cause denial of service or lost data in cases where output cannot be stored.

If execute is not granted when it should be, it causes denial of services, while an execute permission that should not be granted may permit arbitrary access.

Prevention:

The most conservative way to manage protection is to default to owner access only, and only grant other privileges when there is a specific need. This unfortunately requires that users think about protection issues if they ever want to share information. The default can be set by changing the UMASK entry in `/etc/profile' to change the default provided to users.

Detection:

A common practice is to write an Sh script that searches the system for protection settings that don't meet the system policy, and automatically run that script periodically. This can be used to provide a limited form of detection in simple instances, but is not a general purpose solution.
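
The sh script below is an added example of such a periodic check, not part of the original text. It assumes the owner-only policy described under Prevention applies to the directory it is given; the function names and finding labels are invented for the illustration.

```shell
#!/bin/sh
# Added example: report files whose protection bits break an assumed
# owner-only policy. Function names and labels are hypothetical.

# report LABEL DIR FIND-TESTS...: print "LABEL path" for each match.
report() {
    label=$1 dir=$2
    shift 2
    find "$dir" -xdev "$@" -exec printf "$label %s\n" {} +
}

# audit_perms DIR: one pass per hazardous bit named in the text.
audit_perms() {
    top=$1
    # READ for others can leak private information.
    report OTHER_READ  "$top" -type f -perm -0004
    # WRITE for group or others lets another user change the file.
    report GROUP_WRITE "$top" -type f -perm -0020
    report OTHER_WRITE "$top" -type f -perm -0002
    # EXECUTE for others on a file the policy keeps private.
    report OTHER_EXEC  "$top" -type f -perm -0001
    # Directory writable by others without the sticky bit: any user
    # can rename or replace the entries in it.
    report OPEN_DIR    "$top" -type d -perm -0002 ! -perm -1000
}

# umask_owner_only: succeed only if the current UMASK removes every
# group and other bit from newly created files (077 octal = 63).
umask_owner_only() {
    [ $(( 0$(umask) & 077 )) -eq 63 ]
}

# Stand-alone use: sh audit.sh DIR   (script name is illustrative)
if [ "$#" -gt 0 ]; then
    umask_owner_only || echo "UMASK $(umask) grants group/other access"
    audit_perms "$1"
fi
```

A file can appear under several labels, one line per offending bit, so the output can be sorted and compared between runs to see what changed.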

Cure:

The cure to this problem under UNIX is to provide proper defaults, usable tools, and adequate user education about UNIX protection.