Unix Security Flashcards

The basic security structure of UNIX

1
Q

What is the primary purpose of the ‘setuid’ bit in UNIX?

A) To allow users to execute scripts

B) To enable a process to run with the file owner’s privileges

C) To restrict file execution

D) To change file ownership

A

B) To enable a process to run with the file owner’s privileges

Explanation:
The setuid bit allows a user to run an executable with the permissions of the file owner, typically used to allow access to privileged operations.

2
Q

Which command is used to change the group ownership of a file in UNIX?

A) chmod

B) chown

C) chgrp

D) groupmod

A

C) chgrp

Explanation:
chgrp changes the group ownership of a file. chown changes the file owner.

3
Q

In UNIX, what does the permission ‘rwxr-xr--’ signify?

A) Owner: read, write, execute; Group: read, execute; Others: read

B) Owner: read, execute; Group: write, execute; Others: read

C) Owner: read, write; Group: read; Others: execute

D) Owner: write, execute; Group: read; Others: read

A

A) Owner: read, write, execute; Group: read, execute; Others: read

Explanation:
rwxr-xr-- breaks down as owner (rwx), group (r-x), others (r--).

4
Q

Which of the following is a vulnerability associated with symbolic links in UNIX?

A) Buffer overflow

B) Race condition

C) Link traversal

D) Stack smashing

A

C) Link traversal

Explanation:
Symbolic links can trick a program into accessing or modifying unintended files, leading to vulnerabilities like privilege escalation or data leaks.

5
Q

What does the ‘nosuid’ mount option do in UNIX?

A) Disables execution of binaries

B) Ignores set-user-identifier or set-group-identifier bits

C) Prevents mounting of the filesystem

D) Enables device files

A

B) Ignores set-user-identifier or set-group-identifier bits

Explanation:
nosuid makes the kernel ignore the setuid/setgid bits on binaries in that filesystem, so they run with the caller's privileges; this is a key mitigation against privilege escalation.

6
Q

Which user ID is associated with the superuser in UNIX systems?

A) 0

B) 1

C) 100

D) 999

A

A) 0

Explanation:
UID 0 is reserved for the superuser or root in UNIX.

7
Q

What is the function of the ‘chroot’ command in UNIX?

A) Changes the root password

B) Changes the root directory for a process

C) Deletes the root directory

D) Grants root privileges to a user

A

B) Changes the root directory for a process

Explanation:
chroot confines a process to a specific directory subtree, often used to sandbox services.

8
Q

In UNIX, which file contains encrypted user passwords?

A) /etc/passwd

B) /etc/shadow

C) /etc/group

D) /etc/login.defs

A

B) /etc/shadow

Explanation:
/etc/shadow contains encrypted passwords and is readable only by root.

9
Q

Which of the following is a discretionary access control mechanism in UNIX?

A) Mandatory Access Control

B) Role-Based Access Control

C) File permissions (read, write, execute)

D) Access Control Lists

A

C) File permissions (read, write, execute)

Explanation:
UNIX uses DAC via file permissions, allowing owners to control access.

10
Q

What is the primary security concern with the ‘setuid’ mechanism?

A) It restricts user privileges

B) It can be exploited to escalate privileges

C) It disables user authentication

D) It logs user activities

A

B) It can be exploited to escalate privileges

Explanation:
If a setuid binary is exploited, attackers may gain elevated privileges.

11
Q

Which command is used to change file permissions in UNIX?

A) chmod

B) chown

C) chgrp

D) umask

A

A) chmod

Explanation:
chmod is used to set permissions (read, write, execute).

12
Q

What does the ‘sticky bit’ do when set on a directory in UNIX?

A) Prevents file deletion by non-owners

B) Allows all users to delete files

C) Grants execute permissions to all users

D) Locks the directory from changes

A

A) Prevents file deletion by non-owners

Explanation:
Sticky bit restricts file deletion in shared directories like /tmp.

13
Q

Which of the following is a common vulnerability in UNIX systems?

A) SQL injection

B) Cross-site scripting

C) Buffer overflow

D) Clickjacking

A

C) Buffer overflow

Explanation:
A common memory-based vulnerability where data overflows into adjacent memory, often exploited in UNIX systems.

14
Q

What is the role of the ‘root’ user in UNIX?

A) Limited access to system files

B) Standard user privileges

C) Full system access

D) Guest user privileges

A

C) Full system access

Explanation:
The root user has unrestricted control over the system.

15
Q

Which file in UNIX defines user group memberships?

A) /etc/passwd

B) /etc/group

C) /etc/shadow

D) /etc/login.defs

A

B) /etc/group

Explanation:
This file defines group memberships and related GIDs.

16
Q

What is the purpose of the ‘umask’ command in UNIX?

A) Sets default file permissions

B) Changes file ownership

C) Modifies user groups

D) Encrypts files

A

A) Sets default file permissions

Explanation:
umask sets default permission masks for newly created files.

17
Q

Which of the following commands can be used to view the current user ID in UNIX?

A) whoami

B) id

C) uid

D) userinfo

A

B) id

Explanation:
id shows the UID, GID, and associated groups. whoami shows only the current username.

18
Q

What is the effect of setting file permissions to ‘777’ in UNIX?

A) Full permissions for owner only

B) Full permissions for owner and group

C) Full permissions for everyone

D) No permissions for anyone

A

C) Full permissions for everyone

Explanation:
777 allows read, write, and execute permissions for owner, group, and others.

19
Q

Which of the following is a method to confine a process to a specific directory subtree in UNIX?

A) setuid

B) chroot

C) chmod

D) umask

A

B) chroot

Explanation:
chroot confines a process to a “jail” directory for isolation.

20
Q

What is the primary function of the ‘/etc/shadow’ file in UNIX?

A) Stores user account information

B) Stores encrypted passwords

C) Stores group information

D) Stores login history

A

B) Stores encrypted passwords

Explanation:
/etc/shadow holds securely hashed passwords not visible in /etc/passwd.

21
Q

Explain the concept of discretionary access control (DAC) in UNIX.

A

Answer:
DAC allows the owner of a resource (file or directory) to determine who can access it and what operations they can perform.

This is implemented through permission bits (read, write, execute) for owner, group, and others.

22
Q

Describe the role of the ‘root’ user in UNIX systems.

A

Answer:
The root user has UID 0 and possesses unrestricted access to all files, devices, and commands on the system.

It acts as the system administrator and can perform operations that regular users cannot.

23
Q

What is the purpose of the ‘chmod’ command?

Provide an example.

A

Answer:
chmod is used to change the access permissions of files or directories.

Example: chmod 755 myscript.sh gives read, write, execute to the owner and read, execute to group and others.

24
Q

How does the ‘chroot’ command enhance security?

A

Answer:
chroot confines a process to a specified directory tree, creating a “jail.”

This prevents the process from accessing files outside the specified directory, limiting the damage from a compromise.

25
Q

List and explain the three types of file permissions in UNIX.

A

Answer:
Read (r): View contents of the file or list directory.

Write (w): Modify the file or directory contents.

Execute (x): Run the file as a program or enter a directory.

26
Q

What is a buffer overflow, and how can it be exploited?

A

Answer:
A buffer overflow occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory.

Attackers exploit it to inject malicious code or change control flow, such as hijacking the return address.

27
Q

Describe the function of the ‘setuid’ bit.

A

Answer:
When a file with the setuid bit is executed, it runs with the privileges of the file’s owner, not the executing user.

This allows temporary privilege elevation to run trusted programs.

28
Q

What are the potential risks associated with symbolic links?

A

Answer:
Symbolic links can be used to trick privileged programs into accessing or modifying unintended files (e.g., via symlink attacks), especially when paths are not validated.

29
Q

Explain the difference between ‘/etc/passwd’ and ‘/etc/shadow’.

A

Answer:
/etc/passwd stores user account information and is world-readable.

/etc/shadow stores encrypted passwords and is readable only by root, improving security.

30
Q

What is the significance of the ‘sticky bit’ on a directory?

A

Answer:
When set on a directory, only the owner of a file (or root) can delete or rename it, even if others have write permissions.

Useful for shared directories like /tmp.

31
Q

How does UNIX handle user authentication during login?

A

Answer:
The login program (run as root) prompts for credentials, hashes the supplied password using crypt(), and compares the result to the value stored in /etc/shadow.

If matched, it starts a shell with the user’s UID/GID.

32
Q

What is the function of the ‘umask’ command?

A

Answer:
umask defines default permission settings for new files/directories by masking permission bits.

For example, a umask of 022 results in default permissions of 755 for directories.

33
Q

Explain the concept of effective user ID (EUID) in UNIX.

A

Answer:
The EUID determines the access rights of a running process.

It may differ from the real UID, especially for setuid programs, allowing a process to access resources on behalf of another user.

34
Q

Describe a scenario where ‘setuid’ could lead to a security vulnerability.

A

Answer:
If a setuid root program doesn’t validate user input or environment variables properly, an attacker might exploit it (e.g., buffer overflow) to gain root privileges.

35
Q

What is the purpose of the ‘chgrp’ command?

A

Answer:
chgrp changes the group ownership of a file or directory, which affects which group of users can access or modify it.

36
Q

How can the ‘nosuid’ mount option mitigate security risks?

A

Answer:
The nosuid option disables setuid and setgid bits on a mounted file system, preventing execution of binaries that elevate privileges — especially useful for removable media.

37
Q

What is the role of the ‘/etc/group’ file?

A

Answer:
It defines user groups, their group ID (GID), and the list of users in each group.

It’s essential for group-based access control.

38
Q

Explain the concept of a ‘confused deputy’ problem.

A

Answer:
A trusted program with elevated privileges (like setuid) can be tricked into misusing its authority on behalf of a less-privileged user, leading to unauthorized access.

39
Q

How does UNIX implement file system security?

A

Answer:
Through permission bits (r, w, x) for owner, group, and others, combined with user IDs, group IDs, and mechanisms like setuid, sticky bit, and chroot for further control.

40
Q

What are the implications of setting file permissions to ‘777’?

A

Answer:
It grants full read, write, and execute permissions to everyone.

This is risky because any user can modify or execute the file, possibly leading to system compromise.

41
Q

Discuss the security implications of the ‘setuid’ mechanism in UNIX.

Provide examples of potential vulnerabilities and mitigation strategies.

A

Outline of Answer:
1. Definition of setuid
2. Purpose: privilege escalation for trusted programs
3. Risks:
–3.1 Exploitable bugs (e.g., buffer overflow)
–3.2 Environment variable manipulation
–3.3 Insecure coding practices
4. Examples: vulnerable setuid root programs
5. Mitigations:
–5.1 Use nosuid
–5.2 Audit setuid binaries
–5.3 Use capabilities instead

42
Q

Analyze the effectiveness of the chroot mechanism in UNIX.

What are its advantages and limitations in confining processes?

A

Outline of Answer:
1. Definition: sandboxing by changing root directory
2. Use cases: isolating services (e.g., FTP, web servers)
3. Limitations:
–3.1 Not a complete jail
–3.2 Can be escaped with open descriptors, device files
4. Best practices:
–4.1 Never run as root inside chroot
–4.2 Combine with privilege dropping
–4.3 Use modern alternatives (e.g., containers)

43
Q

Compare and contrast Discretionary Access Control (DAC) and Mandatory Access Control (MAC).

Why is UNIX traditionally based on DAC?

A

Outline of Answer:
1. Define DAC and MAC
2. UNIX’s DAC model: file owner controls access
3. Advantages of DAC: simple, flexible
4. Limitations: lacks mandatory enforcement
5. MAC models (e.g., SELinux)
6. Why UNIX uses DAC: historical simplicity, user flexibility

44
Q

Describe the typical steps in the UNIX login process and explain how user authentication and UID transitions occur.

A

Outline of Answer:
1. Boot process launches login as root
2. Username/password entry
3. Password checked via /etc/shadow
4. UID/GID assigned after success
5. UID transitions in su, sudo, and setuid

45
Q

UNIX treats all system objects as files.

Discuss how this design affects system security.

Provide examples involving device files or IPC.

A

Outline of Answer:
1. UNIX philosophy: everything is a file
2. Impacts:
–2.1 File-based permissions
–2.2 Device files (e.g., /dev/mem)
3. Risks:
–3.1 Malicious use of device files
–3.2 Symbolic link attacks
4. Security benefits: unified access control

46
Q

What are mode bits in UNIX?

Explain how they influence authorization and access control using relevant examples.

A

Outline of Answer:
1. File permission model: rwx
2. Ownership categories: owner, group, others
3. Examples: 755: full for owner, read-execute for others
4. Authorization checks based on effective UID/GID
5. Limitations in fine-grained control

47
Q

Examine the various types of vulnerabilities found in UNIX and Linux systems.

Focus on buffer overflows, race conditions, and setuid abuses.

A

Outline of Answer:
1. Buffer overflows: exploitation and examples
2. Race conditions: TOCTOU vulnerabilities
3. Setuid abuses: privilege escalation
4. Denial of service
5. Secure coding practices and mitigations

48
Q

Discuss the concept of the Trusted Computing Base (TCB) in UNIX.

What components are included and why are they critical for system security?

A

Outline of Answer:
1. Definition of TCB
2. Components: kernel, root processes
3. Why TCB is critical: Provides authentication, file access control, system services
4. Risks: TCB compromise = full system compromise
5. Reducing TCB size and attack surface

49
Q

How can symbolic links be abused in a UNIX environment?

Discuss the security concerns and methods to prevent such attacks.

A

Outline of Answer:
1. What are symbolic links
2. Abuse scenarios:
–2.1 Redirection in privileged contexts
–2.2 ln -s /etc/passwd example
3. Defense mechanisms:
–3.1 Use O_NOFOLLOW
–3.2 Avoid using paths controlled by untrusted users

50
Q

Explain the role of group IDs (GIDs) and how group-based permissions work in UNIX.

Include the role of /etc/group in your discussion.

A

Outline of Answer:
1. UNIX group model
2. Primary and supplementary groups
3. File permissions for group
4. Role of /etc/group
5. Command utilities: newgrp, groups
6. Security considerations and enforcement

51
Q

Illustrate how a ‘confused deputy’ problem might manifest in UNIX, especially in the context of setuid programs or daemons.

A

Outline of Answer:
1. Definition
2. Scenario: trusted program misuses its authority
3. Example: HTTP server with setuid permissions
4. Attack vector: attacker tricks program
5. Mitigations:
–5.1 Validate input and context
–5.2 Drop privileges early

52
Q

Discuss the security implications of the UNIX mount and automount features.

Include an explanation of nosuid, nodev, and noexec options.

A

Outline of Answer:
1. What is mounting
2. Mount options:
–2.1 nosuid: disables setuid
–2.2 noexec: prevents binary execution
–2.3 nodev: blocks device access
3. Attack vectors through mounted filesystems
4. Mitigation strategies

53
Q

UNIX permissions are assigned to owner, group, and others.

How does this model limit fine-grained access control in complex environments?

A

Outline of Answer:
1. Basic model simplicity
2. Inadequacy for complex policies
3. No per-user or per-role access control
4. Solutions:
–4.1 Access Control Lists (ACLs)
–4.2 Mandatory Access Control (MAC)
–4.3 Role-Based Access Control (RBAC)

54
Q

What are the dangers of poor file permission configurations?

Provide examples such as /tmp vulnerabilities or world-writable files.

A

Outline of Answer:
1. Common risky settings: 777, world-writable
2. /tmp vulnerabilities:
–2.1 Symlink attacks
–2.2 File overwrite via shared filename
3. Mitigations:
–3.1 Sticky bit
–3.2 Proper umask
–3.3 Avoid writable permissions for everyone

55
Q

Describe the purpose and usage of UNIX security tools like Tripwire, Bastille, Snort, and Nessus.

How do they contribute to securing the OS?

A

Outline of Answer:
1. Tripwire: file integrity checker
2. Bastille: system hardening
3. Snort: intrusion detection
4. Nessus: vulnerability scanner
5. Use cases in system auditing and response

56
Q

Explain how file descriptors and open sockets can be exploited in a chroot environment.

How can developers mitigate these risks?

A

Outline of Answer:
1. Problem: descriptors remain open across chroot
2. Scenarios:
–2.1 File outside jail opened before chroot
–2.2 Open socket used for remote control
3. Mitigations:
–3.1 Close unneeded descriptors
–3.2 Drop root privileges
–3.3 Avoid chroot for high-security use

57
Q

Evaluate the evolution of UNIX security mechanisms.

What were the original goals, and how have modern threats challenged them?

A

Outline of Answer:
1. Initial design goals: multi-user, cooperative trust
2. Security add-ons over time
3. Introduction of setuid, chroot, ACLs, SELinux
4. Modern needs: containers, isolation, networked threats

58
Q

UNIX lacks native support for network-based access control.

Discuss the implications of this limitation and how modern systems attempt to address it.

A

Outline of Answer:
1. Traditional UNIX focus: local users/files
2. Network considered external
3. Implications:
–3.1 Vulnerable daemons
–3.2 Poor isolation
4. Modern tools: firewalls, SELinux policies, containerization

59
Q

How does UID and GID management support multi-user isolation in UNIX systems?

What are potential misconfigurations that can break this isolation?

A

Outline of Answer:
1. Users have unique UIDs
2. Each process runs as a UID
3. GID enables group-based permissions
4. Isolation breaks if:
–4.1 setuid misuse
–4.2 shared writable files
5. Best practices:
–5.1 Least privilege
–5.2 User namespaces (in Linux)

60
Q

Propose a strategy for hardening a UNIX-based system for production deployment.

Include configuration best practices, file permissions, and use of security tools.

A

Outline of Answer:
1. Permission management: strict umask, audit 777 files
2. User management: remove unused accounts, enforce strong passwords
3. Service restrictions: disable unneeded daemons, run as non-root
4. Use tools: Tripwire, Snort, Bastille
5. Security patches and monitoring