--- a/slides/slides04.tex Tue Oct 13 03:45:37 2015 +0100
+++ b/slides/slides04.tex Wed Oct 14 10:27:07 2015 +0100
@@ -111,7 +111,8 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
+\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm]
+ Privilege Separation\end{tabular}}
\begin{center}
@@ -141,53 +142,49 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Access Control in Unix}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+\begin{itemize}
+\item access control provided by the OS
+\item authenticate principals
+\item mediate access to files, ports, processes etc according to
+ \alert{roles} (user ids)\\
+\item roles get attached with privileges (some special roles: root)\bigskip\\
+
+\hspace{8mm}
+\begin{bubble}[8cm]
+\alert{principle of least privilege:}\\
+users and programs should only have as much privilege as they need to
+accomplish a task
+\end{bubble}
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Infamous Security Flaws\\[-1mm] in Unix\end{tabular}}
+\frametitle{Access Control in Unix (2)}
\begin{itemize}
-\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause\pause
-\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
-\item \texttt{mkdir foo} is owned by root\medskip
-\begin{center}
-\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
-\end{center}\medskip
-it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
+\item privileges are specified by file access permissions (``everything is a file'')\medskip
+\item there are 9 (plus 2) bits that specify the permissions of a file
\end{itemize}
-\only<5->{
-\begin{textblock}{1}(3,7)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\begin{minipage}{8cm}
-Only failure makes us experts.
- -- Theo de Raadt (OpenBSD, OpenSSH)
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Unix-Style Access Control}
-
-How to do control access? In Unix you have
-
-\begin{itemize}
-\item users and you have groups/roles:
-\item some special roles: root
-\end{itemize}
+\begin{center}
+${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
+ \;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
+ {\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
+ {\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
+ \LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
+\end{center}
\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
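Review bot: The permission diagram in the new `Access Control in Unix (2)` frame uses `r--`, `rw-` and `rwx` for user, group and other, so "other" gets more rights than the owner and the file is world-writable, which clashes with the least-privilege bubble on the frame added just before it. If the inversion is deliberate (to show three different triples), a short remark on the slide should say so; otherwise the order in the example this commit removes further down (`rwx`, `rw-`, `r--`) fits the message better. The label `directory` under the first character would be more accurate as `file type`, since `-` marks a regular file. Separately, `\LARGE` is used directly inside `$…$`, which LaTeX reports as invalid in math mode; moving the size change into a box, e.g. `\mbox{\LARGE\texttt{r{}w{}x}}`, should avoid the warning.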
@@ -223,39 +220,6 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
-
-
-\begin{center}
- \begin{tikzpicture}[scale=1]
-
- \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
- \draw (4.7,1) node {Internet};
- \draw (-2.7,1.7) node {\footnotesize Application};
- \draw (0.6,1.7) node {\footnotesize Interface};
- \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
- \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
-
- \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
-
- \draw[white] (1.7,1) node (X) {};
- \draw[white] (3.7,1) node (Y) {};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
-
- \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
- \end{tikzpicture}
-\end{center}
-
-\begin{itemize}
-\item the idea is make the attack surface smaller and mitigate the
- consequences of an attack
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
\frametitle{Weaknesses of Unix AC}
Not just restricted to Unix:
@@ -321,106 +285,37 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[fragile]
-\frametitle{D-Link Backdoors}
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
+in Unix\end{tabular}}
-D-Link router flaw lets anyone login through "Joel's Backdoor":\medskip
-\begin{quote}\rm\small
-If you tell your browser to identify itself as Joel's backdoor, instead of (say)
-as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip
-
-"What is this string," I hear you ask?
-
-You will laugh: it is\pause
+\begin{itemize}
+\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
+\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
+\item \texttt{mkdir foo} is owned by root\medskip
+\begin{center}
+\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
+\end{center}\medskip
+it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
+\end{itemize}
-\begin{center}\large
-\pcode{xmlset_roodkcableoj28840ybtide}
-\end{center}
-\end{quote}\bigskip\bigskip
-
-\hfill\footnotesize October 15, 2013\\
-\hfill\footnotesize\url{http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/}
+\only<4->{
+\begin{textblock}{1}(3,7)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+{\begin{minipage}{8cm}
+Only failure makes us experts.
+ -- Theo de Raadt (OpenBSD, OpenSSH)
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[fragile]
-
-CVE-2014-0476 \pcode{chkrootkit} vulnerability 4 Jun'14\medskip
-
-\begin{quote}\rm\small
-Hi,
-
-we just found a serious vulnerability in the chkrootkit package, which
-may allow local attackers to gain root access to a box in certain
-configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
-
-\begin{itemize}
-\item Put an executable file named \pcode{update} with non-root owner in
-\pcode{/tmp} (not mounted noexec, obviously)
-\item Run chkrootkit (as uid \pcode{0})
-\end{itemize}
-
-Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
-rooting your box, if malicious content is placed inside the file.
-
-If an attacker knows you are periodically running chkrootkit (like in
-\pcode{cron.daily}) and has write access to \pcode{/tmp} (not mounted noexec), he may
-easily take advantage of this.
-\end{quote}
-\mbox{}\\[-10mm]
-
-\hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Access Control in Unix}
-
-\begin{itemize}
-\item access control provided by the OS
-\item authenticate principals
-\item mediate access to files, ports, processes etc according to
- \alert{roles} (user ids)\\
-\item roles get attached with privileges\bigskip\\
-
-\hspace{8mm}
-\begin{bubble}[8cm]
-\alert{principle of least privilege:}\\
-users and programs should only have as much privilege as they need to
-accomplish a task
-\end{bubble}
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Access Control in Unix (2)}
-
-
-\begin{itemize}
-\item privileges are specified by file access permissions (``everything is a file'')\medskip
-\item there are 9 (plus 2) bits that specify the permissions of a file
-
-\begin{center}
-\begin{tabular}{l}
-\texttt{\$ ls -la}\\
-\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
-\end{tabular}
-\end{center}
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
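Review bot: In the re-added `Infamous Security Flaws in Unix` frame, the listing `-rwxr-xr-x 1 root wheel /bin/mkdir` shows no setuid bit, so it does not explain how `mkdir` could create the i-node as root; root owning the binary does not by itself give the process root's privileges. If the slide means the historical setuid-root `mkdir`, the mode should carry the `s` (for example `-rwsr-xr-x`, constructed here for illustration), which would also lead into the `Setuid and Setgid` frame later in the file. The gray remark would be more useful with the defensive lesson added: creating the object and then changing its ownership in a second step is not atomic, and the fix is to do both in one atomic operation. Two wording slips on the same lines: `changes to ownership to` should read `changes the ownership to`, and `but allowed to follow links` reads better as `but it was allowed to follow links`.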
@@ -451,7 +346,7 @@
\frametitle{Setuid and Setgid}
The solution is that Unix file permissions are 9 + \underline{2 Bits}:
-\alert{Setuid} and \alert{Setgid} bits
+\alert{\bf Setuid} and \alert{\bf Setgid} bits
\begin{itemize}
\item When a file with setuid is executed, the resulting process will