Skip to content

Page108

Privileged Programs

On UNIX and Linux systems, a regular user cannot edit the password file (/etc/passwd) and shadow file (/etc/shadow), which store account information and encrypted passwords, respectively. But users need to be able to change their passwords (and thus those files). How can they change their passwords if they cannot (directly) change those files?

The answer is setuid (set user ID) programs. Setuid is a Linux and UNIX file permission that makes an executable run with the permissions of the file's owner, and not as the running user. Setgid (set group ID) programs run with the permissions of the file's group.

FIG. 4.15 shows the permissions of the Linux command /usr/bin/passwd used to set and change passwords. It is setuid root (the file is owned by the root user, and the owner’s execute bit is set to “s,” for setuid), meaning it runs with root (super user) permissions, regardless of the running user.

FIG. 4.15 Linux setuid root program /usr/bin/passwd.

The “passwd” program runs as root, allowing any user to change their password, and thus the contents of /etc/passwd and /etc/shadow. Setuid programs must be scrutinized for security holes: attackers may attempt to trick the passwd command to alter other files. The integrity of all setuid and setgid programs on a system should be closely monitored.

Virtualization, Cloud, and Distributed Computing

Virtualization and distributed computing have revolutionized the computing world, bringing wholesale changes to applications, services, systems data, and data centers. Yesterday’s best practices may no longer apply. Where is the DMZ when your data is in the cloud? Can your NIDS monitor data sent from one guest to another in a single host? Does your physical firewall matter?

Virtualization

Virtualization adds a software layer between an operating system and the underlying computer hardware. This allows multiple “guest” operating systems to run simultaneously on one physical “host” computer. Popular transparent virtualization products include VMware, QEMU, and Xen.

There are two basic virtualization types: transparent virtualization (sometimes called full virtualization) and paravirtualization. Transparent virtualization runs stock operating systems, such as Windows 11 or Ubuntu Linux 22.04, as virtual guests. No changes to the guest OS are required. Paravirtualization runs specially modified operating systems, with modified kernel system calls. Paravirtualization can be more efficient but requires changing the guest operating systems. This may not be possible for closed operating systems such as the Microsoft Windows family.

Hypervisor

The key to virtualization security is the hypervisor, which controls access between virtual guests and host hardware. A Type 1 hypervisor (also called bare metal) is part of an operating system that runs directly on host hardware. A Type 2 hypervisor runs as an application on a normal operating system, such as Windows 10. For example: VMware ESX is a Type 1 hypervisor and VMware Workstation is Type 2.

Many virtualization exploits target the hypervisor, including hypervisor-controlled resources shared between host and guests, or guest and guest. These include cut-and-paste, shared drives, and shared network connections. A physical SPAN port or tap cannot see traffic passing from one guest to another on the same host. NIDS vendors are beginning to offer virtual IDS products, running in software on the host, and capable of inspecting host-guest and guest-guest traffic. A similar physical to virtual shift is occurring with firewalls.