--- a/slides/slides04.tex Mon Sep 28 00:16:15 2015 +0100
+++ b/slides/slides04.tex Mon Sep 28 21:02:01 2015 +0100
@@ -156,6 +156,152 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Unix-Style Access Control}
+
+How to do control access? In Unix you have
+
+\begin{itemize}
+\item users and you have groups/roles:
+\item some special roles: root
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Unix-Style Access Control}
+\small
+
+\begin{itemize}
+\item
+Q: ``I am using Windows. Why should I care?'' \\
+A: In Windows you have similar AC:
+
+\begin{center}
+\begin{tabular}{l}
+administrators group\\
+\hspace{5mm}(has complete control over the machine)\\
+authenticated users\\
+server operators\\
+power users\\
+network configuration operators
+\end{tabular}
+\end{center}\medskip
+
+\item Modern versions of Windows have more fine-grained AC than Unix;
+ they do not have a setuid bit, but have \texttt{runas} (asks for a
+ password).\pause
+
+\item OS-provided access control can \alert{\bf add} to your security.
+ (defence in depth)
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
+
+
+\begin{center}
+ \begin{tikzpicture}[scale=1]
+
+ \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
+ \draw (4.7,1) node {Internet};
+ \draw (-2.7,1.7) node {\footnotesize Application};
+ \draw (0.6,1.7) node {\footnotesize Interface};
+ \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
+ \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
+
+ \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+
+ \draw[white] (1.7,1) node (X) {};
+ \draw[white] (3.7,1) node (Y) {};
+ \draw[red, <->, line width = 2mm] (X) -- (Y);
+
+ \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+ \end{tikzpicture}
+\end{center}
+
+\begin{itemize}
+\item the idea is make the attack surface smaller and mitigate the
+ consequences of an attack
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Weaknesses of Unix AC}
+
+Not just restricted to Unix:
+
+\begin{itemize}
+\item if you have too many roles (i.e.~too finegrained AC), then
+ hierarchy is too complex\\ \textcolor{gray}{you invite situations
+ like\ldots let's be root}\bigskip
+
+\item you can still abuse the system\ldots
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{A ``Cron''-Attack}
+
+The idea is to trick a privileged person to do something on your
+behalf:
+
+\begin{itemize}
+\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
+
+\footnotesize
+\begin{minipage}{1.1\textwidth}
+\textcolor{gray}{the shell behind the scenes:}\\
+\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
+
+\textcolor{gray}{this takes time}
+\end{minipage}
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{A ``Cron''-Attack}
+
+\begin{enumerate}
+\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
+\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
+\item root \textcolor{gray}{(does the daily cleaning)}\\
+\texttt{rm /tmp/*/*}\medskip\\
+\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
+\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
+
+\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
+the real passwd file)}\\
+\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
+\item root now deletes the real passwd file
+\end{enumerate}
+
+\only<2>{
+\begin{textblock}{11}(2,5)
+\begin{bubble}[8cm]
+\normalsize To prevent this kind of attack, you need additional
+policies (don't do such operations as root).
+\end{bubble}
+\end{textblock}}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]