Analysis of the Security of Windows NT
1 March 1999
dom argument will contain valid machine code. The prevalence of source code for the
various UNIX implementations has, however, made this kind of devastating attack
widespread. NT will probably see a similar development, since there are no technical
differences to prevent the same kind of attack. The absence of source code will make it
more difficult, but not impossible, for the attackers to find such flaws [10] and [14].
8.3.4 Undocumented system variables and functions (see 7.3.4)
These are not really a security problem in UNIX; the authors know of no such attack
against a UNIX system. This is probably due to the widespread distribution of source
code and a long-standing tradition of openness in UNIX system development. All
functions of the kernel are typically documented. Utilities, however, have again had
their share of such problems. Classic examples are the DEBUG and WIZ commands of
sendmail, the electronic mail transfer agent, which existed in early sendmail versions
and granted unlimited access to the system via the network. These are of a historic
nature, however [6].
8.3.5 SMB challenge response (see 7.4.1, 7.4.2)
There is no direct counterpart in UNIX. Old protocols typically do not use
challenge/response, and the modern ones that do typically get it right.
8.3.6 Plain text passwords over the network (see 7.3.5)
The Berkeley r protocols pioneered the idea of sending unencrypted passwords over
the network. This actually made some sense at the time, since the local network
consisted of a typically homogeneous installation of UNIX machines, none of which
would allow access to the network without superuser privileges. This assumption no
longer holds today, but despite this the Berkeley r protocols are still in widespread
use. Password sniffing is one of the most common attacks carried out against
UNIX installations [10] and [11].
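
A defender-side check for the exposure described above, as an added example that is not part of the original paper: it reads inetd.conf-style text and reports which Berkeley r services (exec, login, shell) are still enabled. The sample configuration, daemon paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original paper.

# Constructed sample in inetd.conf layout:
#   service  socket  proto  wait-flag  user  server-program  arguments
sample_inetd_conf() {
cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd     in.ftpd -l
shell   stream  tcp  nowait  root  /usr/sbin/in.rshd  in.rshd
  login stream  tcp  nowait  root  /usr/sbin/tcpd     in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/in.rexecd in.rexecd
daytime dgram   udp  wait    root  internal
EOF
}

# Reads inetd.conf text on stdin and prints one line per enabled
# Berkeley r service: "<service> <daemon> <wrapped|unwrapped>".
# exec, login and shell are the service names of rexecd, rlogind and rshd.
audit_inetd() {
    awk '
        /^[ \t]*#/ { next }    # commented out, so the service is disabled
        NF < 6     { next }    # not a complete service entry
        $1 == "exec" || $1 == "login" || $1 == "shell" {
            # Behind TCP Wrappers the program field is tcpd and the real
            # daemon is the first argument. Wrapping restricts source
            # hosts only; the traffic is still unencrypted.
            if ($6 ~ /\/tcpd$/ && NF >= 7) print $1, $7, "wrapped"
            else                           print $1, $6, "unwrapped"
        }
    '
}

# Run against the constructed sample; on a real host, feed it the
# system's inetd configuration file instead.
sample_inetd_conf | audit_inetd
```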
8.3.7 Non NTFS file systems (see 7.3.6)
Traditionally UNIX has implemented its own file system; for many years there was
only one. Berkeley corrected a number of performance deficiencies with the Berkeley
fast file system, and variations thereof are still common today. Even though most
modern UNIX systems allow access to MS-DOS file systems, these accesses are typically
limited in such a way as to present no serious security implications. It is impossible to
actually run a UNIX system from anything other than a UNIX file system, and the kind
of problems that NT has when a non-NT file system is used for critical tasks does not
appear in UNIX [58].
8.3.8 System initialization problems (see 7.3.7)
UNIX has the same boot problems that NT has. Once the intruder has gained physical
access to the computer and its disks, little can be done to prevent him from forcing the
system. Some UNIX implementations were also traditionally misconfigured, or could
be interrupted in the middle of the boot process to provide the intruder with an admin-