Security Mechanisms of UNIX

Question 1

What are the principals in UNIX?

Answer 1

user identifies (UID) and group identifiers (GID)

Question 2

what is a user identifier?

Answer 2

each user has a unique number (16 or 32 bit)

Question 3

what is a group identifier?

Answer 3

each group has a unique number (16 or 32 bit)

Question 4

what is UID 1 - 999?

Answer 4

reserved for specific operating tasks

Question 5

UID >= 1000

Answer 5

assigned to human users

Question 6

what is the username and UID of the superuser?

Answer 6

root, 0

Question 7

what is a process?

Answer 7

an instance of code in execution

Question 8

what is a PID?

Answer 8

process identifier

Question 9

what does the ssh process do?

Answer 9

offers remote login service with username/password authentication

Question 10

What does the ping program do?

Answer 10

provides users with network ping facility

Question 11

what are 4 standard attack methods with Set-User-ID programs?

Answer 11

• memory corruption
• command injection during sub-process invocation
• providing an unexpected execution environment
• race conditions

Question 12

what are 3 precautions you can take to prevent Set-User-ID program attacks?

Answer 12

• programs should have set-user-if status if absolutely necessary
• programs should drop their privileges asap
• inputs to set-user-ID need to be checked with extreme care

Question 13

what are objects (mainly)?

Answer 13

files and processes

Question 14

what is the central UNIX paradigm?

Answer 14

“Everything is a file”

Question 15

what is an inode?

Answer 15

a data structure on a traditional unix-style file systems

Question 16

what are hard links created with?

Answer 16

ln

Question 17

what are soft links created with?

Answer 17

ln -s

Question 18

what is an EUID?

Answer 18

a user identifier associated with the subject (process)

Question 19

when does the access control decision algorithm grant access?

Answer 19

if UID = EUID or GID 2groups(EUID) or if the ‘other’ operation bit is set