This document provides an overview of Section 5 of Course 1 on secure programming. It covers topics like shells and environments, configuration, logging, and calling external programs. The learning objectives are to understand how shells work and how environments can impact security. It also discusses operations management best practices related to these topics. It includes mini-labs on shells where students can explore concepts like relative paths, substitutions and how they can enable exploits. The document emphasizes applying the principle of least privilege and white listing to improve security.
This lecture discusses the commands and tools used to deal with text and text files in Linux. This includes displaying, concatenation, editing, searching, sorting, comparing text files. It also discusses the generation and usage of patch files
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group:
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Course 102: Lecture 10: Learning About the Shell Ahmed El-Arabawy
This lecture Introduces the shell program, its role, its functionality , and the categories of commands to run on it. It also discusses the different scripts executed at shell startup
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture discusses the commands and tools used to deal with text and text files in Linux. This includes displaying, concatenation, editing, searching, sorting, comparing text files. It also discusses the generation and usage of patch files
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group:
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Course 102: Lecture 10: Learning About the Shell Ahmed El-Arabawy
This lecture Introduces the shell program, its role, its functionality , and the categories of commands to run on it. It also discusses the different scripts executed at shell startup
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture discusses the Environment Variables concept, usage, and how processes acquire them. It then goes through the most popular ones
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture addresses the different commands that are used to monitor the processes running in Linux, and the associated resources used by them. It also addresses the different attributes of processes and the manipulation of process priority
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture is the second part of an introduction to SVC tools with a focus on Git and GitHub. This Lecture discusses the Git Object Model and Some Git Commands to perform basic operations
Part 6 of "Introduction to linux for bioinformatics": Productivity tipsJoachim Jacob
This is part 6 of the training "Introduction to linux for bioinformatics". Here we show basic tips to become rapidly more efficient on the command line. Interested in following this training session? Please contact me at http://www.jakonix.be/contact.html
Shell: A Command-Line Interpretor that connects a user to Operating System and allows to execute the commands or by creating text script.
Process: Any task that a user run in the system is called a process. A process is little more complex than just a task.
File: It resides on hard disk (hdd) and contains data owned by a user.
X-windows aka windows: A mode of Linux where screen (monitor) can be split in small “parts” called windows, that allow a user to do several things at the same time and/or switch from one task to another easily and view graphics in a nice way.
Text terminal: A monitor that has only the capability of displaying text stuff, no graphics or a very basic graphics display.
Session: Time between logging on and logging out of the system.
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
MacOS forensics and anti-forensics (DC Lviv 2019) presentation. Prepared specially for DC38032. Prepared by Oleh Levytskyi (https://twitter.com/LeOleg97)
This lecture discusses the Environment Variables concept, usage, and how processes acquire them. It then goes through the most popular ones
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture addresses the different commands that are used to monitor the processes running in Linux, and the associated resources used by them. It also addresses the different attributes of processes and the manipulation of process priority
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
This lecture is the second part of an introduction to SVC tools with a focus on Git and GitHub. This Lecture discusses the Git Object Model and Some Git Commands to perform basic operations
Part 6 of "Introduction to linux for bioinformatics": Productivity tipsJoachim Jacob
This is part 6 of the training "Introduction to linux for bioinformatics". Here we show basic tips to become rapidly more efficient on the command line. Interested in following this training session? Please contact me at http://www.jakonix.be/contact.html
Shell: A Command-Line Interpretor that connects a user to Operating System and allows to execute the commands or by creating text script.
Process: Any task that a user run in the system is called a process. A process is little more complex than just a task.
File: It resides on hard disk (hdd) and contains data owned by a user.
X-windows aka windows: A mode of Linux where screen (monitor) can be split in small “parts” called windows, that allow a user to do several things at the same time and/or switch from one task to another easily and view graphics in a nice way.
Text terminal: A monitor that has only the capability of displaying text stuff, no graphics or a very basic graphics display.
Session: Time between logging on and logging out of the system.
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
MacOS forensics and anti-forensics (DC Lviv 2019) presentation. Prepared specially for DC38032. Prepared by Oleh Levytskyi (https://twitter.com/LeOleg97)
1 of 9 CSCE 3600 Systems Programming Major Assignm.docxShiraPrater50
1 of 9
CSCE 3600: Systems Programming
Major Assignment 2 – The Shell and System Calls
Due: 11:59 PM on Wednesday, November 6, 2019
COLLABORATION
You should complete this assignment as a group assignment with the other members of
your group as assigned on Canvas using our GitLab environment (i.e., the same group
you had for Major 1). If desired, you may submit only one program per group, but all
source code must be committed in GitLab. Also, make sure that you list the names of all
group members who participated in this assignment in order for each to get credit.
BACKGROUND
A shell provides a command-line interface for users. It interprets user commands and
executes them. Some shells provide simple scripting terms, such as if or while, and
allow users to make a program that facilitates their computing environment. Under the
hood, a shell is just another user program. The file /bin/bash is an executable file for
the bash shell. The only thing special about your login shell is that it is listed in your
login record so that /bin/login (i.e., the program that prompts you for your password)
knows what program to start when you log in. If you run "cat /etc/passwd", you will
see the login records of the machine.
PROGRAM DESCRIPTION
GROUP COLLABORATIVE PORTION
In this assignment, you will implement the shell “engine” as the “group” component,
where all members are responsible for the following functionality:
• A Command-Line Interpreter, or Shell
Your shell should read the line from standard input (i.e., interactive mode) or a
file (i.e., batch mode), parse the line with command and arguments, execute the
command with arguments, and then prompt for more input (i.e., the shell prompt)
when it has finished.
1. Interactive Mode
In interactive mode, you will display a prompt (any string of your choosing)
and the user of the shell will type in a command at the prompt.
2. Batch Mode
In batch mode, your shell is started by specifying a batch file on its command
line. The batch file contains the list of commands that should be executed. In
batch mode, you should not display a prompt, but you should echo each line
you read from the batch file back to the user before executing it.
You will need to use the fork() and exec() family of system calls. You may
2 of 9
not use the system() system call as it simply invokes the system’s /bin/bash
shell to do all of the work.
You may assume that arguments are separated by whitespace. You do not have
to deal with special characters such as ', ", \, etc. However, you will need to
handle the redirection operators (< and >) and the pipeline operator (|), which
will be specified in the “individual” portion of this assignment.
Each line (either in the batch file or typed at the prompt) may contain multiple
commands separate with the semicolon (;) character. Each command separated
by a ; should be run sequentially, but the shell should not print the next prompt ...
BITS: Introduction to Linux - Text manipulation tools for bioinformaticsBITS
This slide is part of the BITS training session: "Introduction to linux for life sciences."
See http://www.bits.vib.be/index.php?option=com_content&view=article&id=17203890%3Abioperl-additional-material&catid=84&Itemid=284
Managing big data stored on ADLSgen2/Databricks may be challenging. Setting up security, moving or copying the data of Hive tables or their partitions may be very slow, especially when dealing with hundreds of thousands of files.
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
Learning spark ch01 - Introduction to Data Analysis with Spark
References to Spark Course
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
HBase In Action - Chapter 04: HBase table designphanleson
HBase In Action - Chapter 04: HBase table design
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
HBase In Action - Chapter 10 - Operationsphanleson
HBase In Action - Chapter 10: Operations
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
Hbase in action - Chapter 09: Deploying HBasephanleson
Hbase in action - Chapter 09: Deploying HBase
Learning HBase, Real-time Access to Your Big Data, Data Manipulation at Scale, Big Data, Text Mining, HBase, Deploying HBase
Learning spark ch04 - Working with Key/Value Pairsphanleson
Learning spark ch04 - Working with Key/Value Pairs
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
Learning spark ch01 - Introduction to Data Analysis with Spark
References to Spark Course
Course : Introduction to Big Data with Apache Spark : http://ouo.io/Mqc8L5
Course : Spark Fundamentals I : http://ouo.io/eiuoV
Course : Functional Programming Principles in Scala : http://ouo.io/rh4vv
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
5.Shell And Environment
1. Course 1: Overview of Secure
Programming, Section 5
Pascal Meunier, Ph.D., M.Sc., CISSP
May 2004; updated January 12, 2006
Developed thanks to support and contributions from Symantec
Corporation, support from the NSF SFS Capacity Building Program
(Award Number 0113725) and the Purdue e-Enterprise Center
Copyright (2004) Purdue Research Foundation. All rights reserved.
2. Course 1 Learning Plan
Security overview and patching
Public vulnerability databases and resources
Secure software engineering
Security assessment and testing
Shell and environment
Resource management
Trust management
3. Learning objectives
Understand how shells interpret commands, launch
and provide environments for processes
– Understand how setuid or LocalSystem scripts and
programs are risky
Understand how environments affect the security of
applications
Understand how configuration issues affect the
security of applications
Understand security issues in audit logs
Understand security issues in launching processes
4. Operations Management and Best Practices
Shells
Environment
Configuration
Logging
Calling External Programs
5. Shells: Outline
What is a shell?
Relative path vulnerabilities and mini-lab
Substitutions
Setuid scripts and programs
6. What is a shell?
Launches programs, including other shells
Provides
– Capabilities to applications
– A user interface
Windows Explorer shell
Replacement Windows shells
– Geoshell
– Aston, etc...
– Norton Desktop for Windows
UNIX shells
– bash
– tcsh, etc...
7. Capabilities provided by Windows shells
Custom url handlers
– Clicking on a url "outlook://" starts outlook
– Buffer overflow when handling custom urls of improperly
removed applications (CVE-2002-0070; MS02-014)
UI preferences
– Buffer overflow when handling desktop.ini (CVE-2003-
0306; MS03-27)
Path resolution and handling
– Relative shell path vulnerability in Windows 2000 and NT
(CVE-2000-0663)
Run Explorer.exe trojan from another user
Various means of launching other programs
– Buffer overflows (CVE-2002-1327, CVE-2003-0503)
8. Capabilities of UNIX shells
Substitutions
– Filename substitution (wildcard expansion, a.k.a. globbing)
– Command substitution
bash and tcsh interpret backticks in names (CVE-1999-
1383)
Arbitrary command execution in GhostView handling of file
names (CVE-2002-1569) (BID 5840)
Several other applications invoke shell capabilities!
Environment variables
– PATH search variable
File system path resolution
Launching applications
9. Relative Path Vulnerabilities
Relative paths trigger a search for the actual file. Is
it:
– In the current directory?
– In some other directory specified by the PATH
environment variable?
– Which one of the above two should be done first?
Insecure default in Windows (see next slide)
ICAT: 15 entries (Windows, UNIX, others)
Common misconfiguration of UNIX accounts
Mini-Lab
10. Windows PATH
Different behavior depending on version of
Windows
– Old behavior: current directory was searched first for
DLLs
– New behavior: search all system locations first
XP SP1
Windows 2003
– More secure, but...
The current directory is searched even if "." is not
in your PATH, and searched before your PATH!
– Insecure default
– You may not get the DLL (dynamically loaded library) you
wanted! (see Howard and Leblanc 2003)
11. Windows Filename Extensions
What if you didn't specify the extension?
The environment variable PATHEXT decides the
order (.com, .exe, .bat, .cmd, ...)
What if PATHEXT is changed by a malicious user,
so a trojan would run instead?
Other ambiguities
– Trailing dot, slash in filename
– Long vs short name
– Canonicalization issues covered in course 2, part 7
"Canonicalization and Directory Traversal"
Solution: Use the absolute path and complete
name
12. Shell Mini-Lab (Windows)
Open a command prompt
– Type “command” within the window you opened. Which
shell is running now? Now type “exit”
– Type “cd“ or “set %CD%”. What is the current directory?
– Type “set PATH". What is the meaning of the output?
– Create a cmd file named “cmd.cmd":
echo @echo gotcha > cmd.cmd
– Compare the execution of “cmd" and ".cmd". What is
the difference, if any?
– Type "set PATH=%PATH%;.". What effect does it have
when you run “cmd”?
– Create a batch file named “cmd.bat”:
echo @echo hello > cmd.bat
13. Shell Mini-Lab (Windows continued)
What happens when you run “cmd” now?
– How can you change the behavior?
Compare the results of running “cmd” with the
results of running
“%SYSTEMROOT%system32cmd”.
What kind of path is
“%SYSTEMROOT%system32cmd”?
Type “%SYSTEMDRIVE%”
Type “cd %SYSTEMROOT%system32”
Compare the results of running “cmd” and “.cmd”.
14. Shell Mini-Lab (UNIX)
Get into the UNIX shell provided for the class
– Type "/bin/sh". Which shell is running now?
– Type "pwd". What is the current directory?
– Type "echo $PATH". What is the meaning of the output?
– Create a script named "ls":
echo "echo gotcha" > ls
– Allow execution by running "chmod a+rx ls"
– Compare the execution of "ls" and "./ls". Why is the
output different?
– Type "PATH=.:/bin:/sbin:/usr/bin:/usr/sbin".
What is the effect when you run “ls”?
15. Shell Mini-Lab (UNIX continued)
Compare the execution of "ls" with "/bin/ls".
What kind of path is "/bin/ls"?
Type "cd /bin"
Compare the results of running "ls" and "./ls".
16. Question
A "relative path" is relative to:
a) Your home directory
b) The current working directory
c) The root (top) directory (e.g. “C:” or “/”)
17. Question
A "relative path" is relative to:
a) Your home directory
b) The current working directory
c) The root (top) directory (e.g. “C:” or “/”)
18. Question
Why is the PATH environment variable important?
a) It specifies the order of directories in which a
shell looks for a file, when a relative path has been
specified
b) It changes the execution path within applications
c) You must follow your own path
19. Question
Why is the PATHEXT environment variable
important?
20. Question
In a UNIX shell, when an application runs
"./filename", which file is run?
a) The file of the same name ("filename") in the
same directory as the application
b) The file of the same name ("filename") in the
current working directory of the application
c) The file of the same name ("filename") in a
directory specified by the PATH environment
variable
21. Question
In a Windows shell, when an application runs
"filename", which file is run? Choose the best
answer.
a) The file of the same name ("filename") in a
directory specified by the PATH environment variable
b) The file of the same name ("filename") in the
current working directory of the application
c) The first file in the current directory that matches
the first extension in the PATHEXT environment
variable
d) The file of the same name ("filename") in the same
directory as the application
22. Question
Which is more secure to run?
a) ./filename or .filename
b) filename
c) /bin/filename or
c:WINNTsystem32filename.exe
23. Question
Which is more secure to run?
a) ./filename or .filename
b) filename
c) /bin/filename or
c:WINNTsystem32filename.exe
• Comment: Because ./filename refers to the current
path, it has a level of indirection that can be
exploited.
• Always specify absolute paths unless impossible.
• Explicitly set the PATH and any other important
environment variables.
24. Substitutions: Outline
What are substitutions?
Vulnerability due to substitutions
How not to patch
White list best practice
Mini-Lab 2: A shell exploit
25. What can be substituted?
Filename substitutions (wildcards, a.k.a. globbing)
Directory stack substitution
Command substitution
Subshells
Other substitutions
UNIX Example: ls /var/*/*log*
– /var/log/boot.log
– /var/log/prelink.log
– /var/log/Xorg.0.log
– /var/run/klogd.pid
– /var/run/syslogd.pid
26. GNU ‘bash’ prompt parsing vulnerability
CVE-1999-0491, BID 119
UNIX back-tick (command substitution)
– Typing "`command`" on the command line executes the
command, even if it should have been an argument for
another command
Mallory runs: mkdir "`command`"
– Create directory with a command inside back-ticks
Alice runs: cd "`command`"
Mallory’s command executed by Alice
– This could happen when moving around directories with
symlinks
Code injection due to full shell interpretation of
directory name
27. Prompt parsing vulnerability
Fixed in tcsh 6.07
Changelog:
“33. Add VAR_NOGLOB, and use it to avoid
globbing directory names when cd'ing into them.“
Flag "VAR_NOGLOB" is used to identify situations
where substitution (incorrectly implied to be
globbing) should not be done
Question: Did the programmer fix all of the
situations where substitution shouldn’t be done?
28. Prompt parsing vulnerability
tcsh 6.07 Code Fix
/* set: storage into hashed/balanced tree */
void
set1(var, vec, head, flags)
Char *var, **vec;
struct varent *head;
int flags;
{
register Char **oldv = vec;
if ((flags & VAR_NOGLOB) == 0) {
/* if not forbidden, do the globbing */
gflag = 0;
tglob(oldv);
...
Note: double negation -- avoid if you can
*** keep code simple if you can ***
30. Prompt parsing vulnerability
Discussion: What's Wrong?
The fix forbids substitution (including globbing) only
when dealing with changing directories.
Why is this is a brittle fix and a bad practice?
31. Prompt parsing vulnerability
Discussion: Sample Answer
The first fix forbids substitutions when printing the
prompt ('w' option)
The second fix forbids substitution when changing
directories
The nth fix forbids substitution for yet another
situation.
32. White List Best Practice
Mechanism should not require enumeration of
each dangerous thing (black list)
– It’s easy to miss things
Instead, mechanism should be designed to deny all
by default unless something is explicitly
enumerated as safe (white list)
Outline of incorrect fix approach:
– Try to block or forbid a specific exploitation path
– Result: another path is found
Underlying problem still exists
Common repeated mistake
Multiple patching attempts are costly and annoy customers
33. Mini-Lab 2: UNIX
An exploit to gain shell access
Most exploits are aimed at giving an attacker shell
access
– "Execute arbitrary code" usually means starting a shell
Next, a back door is installed.
Warning: your account could get compromised by
doing this mini-lab
– don't perform the "chmod" operations (comment them out)
instructor will demo some student solutions in a throw-away
account
– *or* don't use a university account
In this lab, you will create a back door with a setuid
"C" program
– setuid scripts are now disabled by default in many OSes
34. Mini-Lab 2: UNIX
A Back Door
Create a C program containing:
– setreuid(geteuid(), geteuid())
– execlp("/bin/sh", "/bin/sh", 0)
Do chmod 4755 your_program (makes it setuid)
This is a backdoor into your account!
Team up with someone else
With their permission, execute the back door they
have written
Type "whoami" or “id” into the shell you get
35. Mini-Lab 2: UNIX
A Back-Door Creating Script
Inside a directory where only you have execute
privileges, write a shell script that will
– Write the C program you wrote into a file
– Compile it
– Use chmod to set the setuid bit and allow anyone to run it.
What will happen if another user runs the shell
script?
How can you persuade another user to run it?
Turn in the shell script (email it to me)
Make sure to delete the C program from your
account...
36. Mini-Lab 2: UNIX
Answers
What will happen if someone runs it?
– It will create a backdoor script into their account
How can you get someone to run it?
– Create a directory named `bcs`
if using a vulnerable version of bash or tcsh
– Send it to them as an email attachment
– Make it do something useful or interesting, and put it in a
shared area; wait for someone to run your trojan program.
– Name it the same as a common system command an wait
for someone who has "." in their path to run it by accident
from a directory where you have write access.
– Exploit a vulnerability into a program running as root or
LocalSystem
37. Discussion Question
How can you configure Windows services to
mitigate the consequences of a vulnerability?
Hint: Apply the principle of least privilege
38. Discussion Sample Answers
Windows: Services that run as System
– Change the account associated with a service ("Log On
As" setting), from LocalSystem to a lower privilege
account (you need to configure that account carefully, or
use LocalService or NetworkService)
Sometimes, users can't figure out why their
software doesn't work so they make it run with an
administrator account, which is even worse!
– Principle of psychological acceptability: "This is too hard,
so let's open it and grant it all privileges so it works!"
UNIX: This is mitigated by configuring services to
run as "nobody" or separate accounts with limited
privileges for each service
39. Question
Why is a secure configuration difficult to achieve?
a) Operating systems are complex
b) Users will break security (if they can) to get their
services to run
c) There are many services to secure
d) All of the above
40. Question
Why is a secure configuration difficult to achieve?
a) Operating systems are complex
b) Users will break security (if they can) to get their
services to run
c) There are many services to secure
d) All of the above
Installing things secure by default is becoming
more popular and expected
41. Discussion Question
What can you do to improve the security of your
projects when you go back to work at the end of
this tutorial?
42. Environment: Outline
What is the environment?
Can you trust the environment?
Environment pollution attacks
43. What is the environment?
File System
– Correct permissions/ACLs on files
– Partitions
Operating System, sandboxes
Services
Accounts
– Correct account permissions
Environment variables
– e.g., PATH
Other defaults
– e.g., umask (for new file default permissions)
Logging facilities
44. Trusting the Environment?
As the developer of an application, you (should)
know how to secure the environment
Configure files with the correct permissions during
installation
Umask: Create files with correct permissions
Environment variables are typically under the
control of untrusted users
45. Question
Who controls the value of the PATH variable?
What does that tell you about other environment
variables? (Hint: A search for "environment" in
ICAT gave 192 entries in spring 2004; the NVD
now lists 310 entries as of January 17, 2006)
46. Environment Pollution
A program can get values from the environment
Some variables are used automatically
– Win32 process hooking, dll injection, Microsoft research
detours library
– UNIX LD_LIBRARY_PATH, LD_PRELOAD
Function interception (library interposition)
Before you get control!
An attacker can influence environment:
– For code injection attacks
– To create buffer overflows
– To bypass access controls
– Denial of service (crashes for various reasons)
47. Comments on PHP Poisoning
PHP was designed for power and ease-of-use in
CGI programming, not security
CGI parameters automatically become variables
within PHP scripts
– Attacker can control logical flow of program
– Option turned off by default in new versions of PHP
Used to be ON by default
48. Example PHP Poisoning
PHP: Variables inside the program can be
initialized with values supplied by the remote client
(register_globals option)!
<php
if ($username == $allowed && $password
== $secret) $authorized = “yes”;
...
if ($authorized == “yes”) {
...
}
?>
“url?authorized=yes” bypasses authentication
50. Configuration Best Practice
All dangerous configuration options should be
turned off by default (SD3 – secure by design,
secure by default, secure in deployment)
The developer should know what options are
dangerous
Customer doesn't know any better so the
installation and configuration program should
provide guarantees
– Exceptions should provide warnings
51. Question
Are accounts with default passwords a good
secure configuration practice?
a) It doesn't matter, they are necessary
b) Yes, if they are kept secret
c) No
Hint: see
http://www.cirt.net/cgi-bin/passwd.pl
http://www.phenoelit.de/dpl/dpl.html
52. Discussion
What can your software do instead of using
accounts with default passwords?
53. Discussion Sample Answers
What can your software do instead of using
accounts with default passwords?
– Functionality could be blocked until accounts are set
properly (with appropriate notices so customer doesn't
think that the program or equipment is broken)
– If the default account can't be avoided, most functionality
could be disabled until the default account is removed by
the administrator.
54. Hard-Coded Passwords
Open design security principle
Hard-coded passwords are a failure in the
application of that principle
– revealed password may result in a catastrophic failure
OEM requirements and ease-of-use may be at
odds with this principle
55. Wireless Access Points, Hard Drives, etc...
Does it sound reasonably safe to you to only allow
configuration of these devices from a wireless PC,
instead of requiring a wired connection?
– Cisco access points
Serial connection available for less user friendly setup
– Other brands
56. Logging
Logging is an important, often requested security
functional requirement
– Especially if application has its own access control
Logging integrity
– Append-only loggers
– External loggers
Logging confidentiality issues (passwords)
– Authority needed to view audit logs should be higher than
the privilege to administer the product
57. Attacks on Logs
Denial of service using chaff (junk; noise)
Semantic attacks (fake log entries)
Log entries with special characters
Log entries attempting to exploit vulnerabilities in
the logging mechanism
Log entries attempting to exploit vulnerabilities in
the log viewing mechanism
Logging second-hand or uncertain information
– Spoofed identities
Write to syslog from any location on the network
58. Log Denial-of-Service Attacks
CVE-1999-0566
An attacker can write to syslog files from any
location, causing a denial of service by filling up the
logs, and hiding activities.
– Chaff attack
CVE-1999-0063
Cisco IOS 12.0 and other versions can be crashed
by malicious UDP packets to the syslog port.
Solutions: Access control lists, firewall rules, etc...
59. Example Logging Issues
CVE-2003-0020
Apache does not filter terminal escape sequences
from its error logs, which could make it easier for
attackers to insert those sequences into terminal
emulators containing vulnerabilities related to
escape sequences.
CVE-2003-0460
The rotatelogs program on Apache before 1.3.28,
for Windows and OS/2 systems, does not properly
ignore certain control characters that are received
over the pipe, which could allow remote attackers
to cause a denial of service.
60. More Example Logging Issues
CVE-2001-1098
Cisco PIX firewall manager (PFM) 4.3(2)g records
the enable password in plaintext to the pfm.log
file, which could allow local users to obtain the
password by reading the file.
CVE-2002-0113
Legato NetWorker 6.1 stores log files in the
/nsr/logs/ directory with world-readable
permissions, which allows local users to read
sensitive information and potentially gain privileges.
61. Yet More Example Logging Issues
CVE-2001-1403
Bugzilla versions prior to 2.14 – username and
password from URLs recorded in logs
CVE-2001-0300
oidldapd 2.1.1.1 in Oracle 8.1.7 - local users can
delete logs and/or overwrite other files via a
symlink attack.
CVE-2001-0870
HTTP server in Alchemy Eye and Alchemy
Network Monitor 1.9x through 2.6.18
CVE-2001-0908
CITRIX Metaframe 1.8
62. Logging Mistakes!
CVE-2000-1179
Netopia ISDN Router 650-ST allowed unauthenticated
remote attackers to read system logs using certain
control characters.
CVE-2000-0967
PHP 3 and 4 did not properly cleanse user-injected
format strings, allowing remote attackers to execute
arbitrary commands by triggering error messages that
were improperly written to the error logs.
CVE-2000-0642
The default configuration of WebActive HTTP Server
1.00 stores the web log active.log in the web
server’s root document directory.
63. Question
Logging can be attacked by:
a) Exclusively using exploits that require an
account on the local machine
b) Using maliciously constructed data
c) Exclusively using exploits that break an
application that sends log data to the logging
mechanism
64. Question
Logging can be attacked by:
a) Exclusively using exploits that require an
account on the local machine
b) Using maliciously constructed data
c) Exclusively using exploits that break an
application that sends log data to the logging
mechanism
65. Logging Defenses
Use different logs for:
– Events
For users to see why their page/project/etc... failed
Per user log even better
– Operations
Allow normal administrative supervision
e.g., "started at 9:32 PM"
e.g., "error reading configuration file at ..."
– Audit
For sensitive information
e.g., Failed logins
– Usernames
– Passwords entered in username field
» Both matched pairs usually available in audit log
67. The Wrapper Problem
Calls to an insecure application can be wrapped
inside and protected by another program that
performs input validation and access control
Wrapper must have an exact and complete model
of the grammar and semantics used by the
protected application, otherwise:
– Insecure application loses functionality
– Wrapper lets through dangerous (“unexpected”)
commands
Updates to an insecure application require an
updated wrapper
68. Example Wrapper Problem
wu-ftpd CVE-1999-0997
– FTP server
wu-ftp with FTP conversion enabled allows an
attacker to execute commands via a malformed file
name that is interpreted as an argument to the
program that does the conversion, e.g. tar or
uncompress.
– Conversion is used to compress or uncompress files
– File names passed to tar without checking if one really is
a command line option that can be abused!
e.g., --use-compress-program <program>
e.g., --remove-files
69. Wrapper Through Interpreted Code
When application is invoked by a command
processed through a complex interpreter
Examples:
– calling programs through the system() and wsystem()
calls (UNIX and Windows)
– other cases of dynamic code generation (SQL, etc...)
Modeling the interpreter is difficult.
– “exec” family of UNIX calls presents a simplified interface
that limits misinterpretations and engineered attacks.
– Windows "CreateProcess*", "ShellExecute", "WinExec"
have complex cases that allow engineered attacks
70. Windows Call Complexity
CreateProcess (
lpApplicationName,
lpCommandLine,
...)
If lpApplicationName is NULL, then
lpCommandLine is interpreted...
– Looks for an application name
White space separators
White space in directory names are "tried" as separators
– C:Program FilesApplicationDirAppname.exe
– C:Program.exe would get executed if present
– Solution: enclose application in quotes, but why not specify
lpApplicationName then?
(From Howard and Leblanc, 2003)
71. UNIX “system " Call
Program and arguments are interpreted by a shell!
– very difficult to model and sanitize
Also available on Windows!
Exec calls
– exect and execle allow the separation of path,
arguments, and environment
Fewer risks
– int exect(const char *path, char *const argv[], char *const
envp[]);
72. Question
execlp and execvp search the PATH like a shell
does if the specified path is not absolute. Are they:
a) As safe as execv
b) Less safe than execv
c) More safe than execv
int execv(const char *path, char *const argv[]);
int execvp(const char *file, char *const argv[]);
73. Question
Rank the following calls in order of safety (high to
low):
– system
– execle
– execv
– execvp
a) execv, execvp, execle, system
b) execle, execv, execvp, system
c) execvp, execle, execv, system
74. Question
Rank the following calls in order of safety (high to
low):
– system
– execle
– execv
– execvp
a) execv, execvp, execle, system
b) execle, execv, execvp, system
c) execvp, execle, execv, system
75. File Descriptors
UNIX: forked and exec’ed processes inherit file
descriptors
Remember the principle of complete mediation
Close all unneeded file descriptors (before calling
exec)
77. About These Slides
You are free to copy, distribute, display, and perform the work; and
to make derivative works, under the following conditions.
– You must give the original author and other contributors credit
– The work will be used for personal or non-commercial educational uses
only, and not for commercial activities and purposes
– For any reuse or distribution, you must make clear to others the terms of
use for this work
– Derivative works must retain and be subject to the same conditions, and
contain a note identifying the new contributor(s) and date of modification
– For other uses please contact the Purdue Office of Technology
Commercialization.
Developed thanks to the support of Symantec
Corporation