CS 480 M01 Lecture Notes 3 - Aug 29, 2022

Last Time

Chapter 1. Where to Start Continued

• Units
• Where To Go For Info
• Links

Ch 3. Access Control and Rootly Powers

• Standard / Traditional UNIX Access Control
• Becoming a root

Ch 3. Access Control and Rootly Powers Continued

Password

• Choosing:
  • should not be easy to guess but memorable at infrequent intervals
  • most important is the length - at least 8 chars but
    • only 8 significant chars in DES
    • better MD5 or even better SHA-512
  • random string - theoretically the most secure but ...
  • "shocking sequence phrase" or "shocking nonsense"
  • use the same pw on clone systems
• change often
  • ~ every 3 month
  • when co-worker leaves
  • when suspecting compromise of system

Extensions to Standard Access Control Model

• Trying to address the shortcomings of traditional model
  • if root compromised the whole system, compromised
  • subdividing privileges only through suid programs
  • not strong enough for network (Can I trust the UID on the other machines? ...)
  • impossible to implement higher level security conventions
  • rules embedded into the code of commands (passwd) - can't change wo changing source code and recompiling
  • minimal support for auditing
• PAM - Pluggable Authentication Module (authentication technology rather then access control)
  - a wrapper for a variety of method-specific authentication libraries - admin can specify the authentication methods
• Kerberos - cryptographic authentication method (p. 586)
• ACLs - Access Control Lists - part of the filesystem implementation (more in chapter 5)
• Linux capabilities - divide root powers into ~separate permissions.
  example: CAP_NET_BIND_SERVICE - allows to bind to port ≤ 1023
• Linux namespaces - segregates processes into hierarchical partitions - only a subset of the system's files, network ports, and processes can be seen

Modern Access Control

• Mandatory access control
  Standard UNIX model is "discretionary access control" - allows the owners of access-controlled entities to set the permissions on them.)
  MAC systems let administrators write access control policies that override or supplement the discretionary permissions of the traditional model (for example, a rule that home dir accessible by owner only)
• Role Based AC - theoretical model that adds a layer of indirection to access control
• SELinux (Security Enhanced) - NSA project integrated into 2.6 kernel that allows to enable mandatory access control (MAC) - users cannot delegate or set access params on their objects
• AppArmor - a form of MAC and is intended as a supplement to the traditional UNIX access control system.

Other Special Pseudo Users

password and shell fields to set * and /bin/false or /bin/nologin
• bin
• daemon
• nobody (NFS)
• pseudo-users associated with specific pieces of software (* for pw; /bin/false or /bin/nologin for login shell)

next ... Perl Warm-Up; Ch 4. Process Control