
Analysis of the Security of Windows NT, 1 March 1999

the advent of networked computing had made many of these data structures rather large. To combat this problem, Sun Microsystems again developed a client-server structure for answering queries from individual workstations. Sun originally named this service the Sun Yellow Pages, but when it became apparent that the name was already registered, Sun changed the name to NIS, or Network Information System. NIS consists of a number of primary and secondary servers that answer individual questions from workstations about user accounts, hostname to IP address resolution, Ethernet network addresses, etc.

For an in-depth treatment of UNIX internals see for instance [58] or [59].

8.1 Security

Neither of the systems above were designed with security as one of the design goals. They all stem from the time when “first make it work” was the order of the day. However, even though UNIX eliminated many of the advanced security features available in Multics, it must still be considered a workable platform on which to build secure systems. Some basic security mechanisms are present:

- Different processes have different memory spaces, and they cannot read or write memory belonging to another process.
- Calls into the kernel are checked against the user owning the process; only the super user (an all-powerful administrative account) can perform certain security-critical operations.
- Processes can inherit super user privileges to perform some security-critical function (such as logging in another user) in a limited and secure manner.
- The filesystem keeps a record of ownership of all files and objects, and permissible operations (read/write/execute) can be determined on an individual basis for each file.

The security mechanisms above, while they are the very building blocks that can make a UNIX system secure, also leave a lot to be desired.
The introduction of an all-powerful administrative account introduces a single point of failure into the system. When an intruder has gained super user privileges, little can be done to trace his actions or to eject him from the system.

The process privilege inheritance mechanism, the set UID or SUID mechanism, is in many respects too coarse-grained: it is all or nothing. Many security flaws are introduced into UNIX systems because a SUID program is tricked into doing something other than it was originally intended to do. Since all its actions are performed with maximum privilege, it can affect the system in any way the intruder sees fit, especially in areas that have no connection with the original privileged operation the program was designed to mediate access to.

The file permission system was originally somewhat coarse-grained and did not facilitate the enforcement of many reasonable security policies. Permissions could be set to allow read, write, and execute access according to the criteria "owner", "group", and "others". However, today all major manufacturers of UNIX support some kind of ACL (Access Control List) feature similar to NT. The various systems do not follow any standard for how to accomplish this and, perhaps as a result, the majority of UNIX installations do not activate the ACL feature provided to them.
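
The owner/group/others check and the all-or-nothing effect of SUID described above can be modelled in a few lines. This is an added example, not part of the original paper; it is a simplified model of the classic UNIX check (no ACLs), and the helper program, files, UIDs and GIDs are constructed for illustration.

```python
import stat

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

def euid_after_exec(mode, file_uid, caller_uid):
    """Effective UID a process gets when caller_uid executes the file."""
    return file_uid if mode & stat.S_ISUID else caller_uid

def triplet(mode, file_uid, file_gid, euid, gids):
    """Pick the single rwx triplet that applies: owner, group or others."""
    if euid == file_uid:
        return "owner", (mode >> 6) & 7
    if file_gid in gids:
        return "group", (mode >> 3) & 7
    return "others", mode & 7

def allowed(want, mode, file_uid, file_gid, euid, gids):
    """Classic check: the super user bypasses the bits, all others get one triplet."""
    if euid == 0:
        # Super user: read/write always pass; execute needs at least one x bit.
        return want != X or bool(mode & 0o111)
    _, bits = triplet(mode, file_uid, file_gid, euid, gids)
    return bool(bits & want)

# Constructed sample objects: (mode, owner uid, owner gid)
HELPER = (0o4755, 0, 0)     # hypothetical SUID program owned by the super user
SECRET = (0o600, 0, 0)      # hypothetical file unrelated to the helper's task
REPORT = (0o640, 1000, 50)  # hypothetical user file shared with group 50

def demo():
    """Compare an ordinary user's access with access through the SUID helper."""
    caller_uid, caller_gids = 1001, {50}
    direct = allowed(R, *SECRET, caller_uid, caller_gids)
    euid = euid_after_exec(HELPER[0], HELPER[1], caller_uid)
    # Once the helper runs with euid 0, no permission bit is consulted any more.
    via_helper = allowed(R, *SECRET, euid, caller_gids)
    return direct, euid, via_helper

if __name__ == "__main__":
    print(demo())
```

The model makes the coarseness visible: the only decision inputs are one of three triplets and whether the effective UID is 0, so a SUID program owned by the super user is checked no more strictly on unrelated files than on the one file it was written to mediate.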