Protection Bit Settings
Protection Bit Settings
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Problem:
In UNIX, there are so many protection bits, that it is
inevitable that many of them will be set to potentially hazardous
values. The most common problem comes when a file is created and the
operating system assigns initial protection bits. These bits are masked
by the current UMASK, which can be set by any program you run, and is
often defaulted so as to allow other users to be granted inappropriate
access. The threat from a wrong protection bit comes in a number of
ways.
If READ is granted when it should not be, it can be used to
leak private information. If READ is not granted when it should
be, it can cause denial of services because inaccessible information may
be required in order to perform a service.
If {it WRITE} is granted when it should not be, it allows another
user to arbitrarily change files. This makes introducing
a Trojan horse or corrupting data very simple. If {it write} is not
granted when it should be, it can cause denial of service or lost data
in cases where output cannot be stored.
If execute is not granted when it should be, it causes denial
of services, while an execute permission that should not be granted
may permit arbitrary access.
Prevention:
The most conservative way to manage protection is to default to
owner access only, and only grant other privileges when there is a
specific need. This unfortunately requires that users think about
protection issues if they ever want to share information. The default
can be set by changing the UMASK entry in `etcprofile' to change the
default provided to users.
Detection:
A common practice is to write an Sh script that searches the system
for protection settings that don't meet the system policy, and automatically
run that script periodically. This can be used to provide a limited form of
detection in simple instances, but is not a general purpose solution.
Cure:
The cure to this problem under UNIX is to provide proper defaults,
usable tools, and adequate user education about UNIX protection.