Kurt Seifried, [email protected], Copyright Kurt Seifried 2001
Format Strings - An Interview with Chris Evans
In a previous article I covered the basics of format string attacks. This time I've interviewed Chris Evans, whom I quoted in the last article. Without further ado, here is the interview. Read it - you will learn something. (I did.)
System and Network Security - Kernel Options
When you ask most network and system administrators about system and network security, they'll respond, "We have a firewall" or "We use SSL encryption." This is all fine and good. However, there are often some things they have missed - not that it is really their fault, since these additional options are not very well documented in most cases. Almost all Unix-based operating systems have the capability to modify various kernel options while the system is running. I'll be concentrating on Linux, *BSD and Solaris.
Creating and Preventing Backdoors in UNIX Systems
Backdoors are by far one of the worst nightmares of many system and network administrators. We all know our networks and hosts will at some point be penetrated, and if we've done our job right we should be able to detect that penetration. However, one problem always rears its ugly head: Do we format the drive, reinstall from trusted media, then patch the system, configure it, and restore data from backups; or do we just try to patch the system up and remove any surprises the attacker may have left? In some cases it is clear-cut: For a user's workstation with most data stored centrally, rebuilding the system is far faster than trying to fix it. On the other hand, what if you have a production email server handling incoming email for 10,000 people and no backup machine to switch to?
Care and feeding of RPM
I'm always amazed at the lack of articles on topics like RPM and PAM: basic system components and tools that people use every day but that are, generally speaking, poorly understood if at all. Prepare to be educated. RPM is the "Red Hat Package Manager" and is currently the most widely used package format for Linux (yes, I know about dpkg and tar packages), with most vendors utilizing it. RPM allows you to easily install, uninstall and query packages, and to query the RPM database for information. Generally speaking, RPMs must be installed as root, so an RPM can do basically anything on your system: install new files, overwrite files, reconfigure system settings, add new users, etc. Why is this important? Because many people download RPMs from semi-trusted or untrusted sources and blindly install them.
Most, if not all, of the readers of this column run a mail server, and more than likely it is running Sendmail. In all fairness, Sendmail is a damn good MTA (Mail Transfer Agent); Eric Allman originally wrote it with one main goal in mind: the mail must get through. Unfortunately, when Sendmail was originally written security wasn't a major concern on the Internet, and it shows. Sendmail runs almost exclusively as the root user on most systems, meaning any flaws are potentially very serious. In addition to this, Sendmail isn't very good at handling high loads. New mailers, such as Postfix, Zmailer and Qmail, are several times faster than Sendmail on the same hardware. Until recently most of the alternative mailers to Sendmail were not drop-in replacements: replacing Sendmail was a painful task, and the new software typically behaved differently than Sendmail. Postfix was designed from the start to address all these problems.
Last updated 20/12/2001