Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 893

file permissions immediately. An incorrect file attribute means more than that a file could be changed or deleted: a modified program could later be executed by root, or a modified configuration file could be read by a program running with the permissions of root, so the attacker's changes take effect with root's privileges. This significantly widens the attacker's options. Attacks of this kind are called cuckoo eggs, because the program (the egg) is executed (hatched) by a different user (the bird), just as a cuckoo tricks other birds into hatching its eggs.
A SUSE® Linux Enterprise system includes the files permissions, permissions.easy, permissions.secure, and permissions.paranoid, all in the directory /etc. The purpose of these files is to define special permissions, such as world-writable directories or, for files, the setuid bit (a program with the setuid bit set does not run with the permissions of the user who launched it, but with the permissions of the file owner, in most cases root). Administrators can add their own settings in the file /etc/permissions.local.
To define which of the above files SUSE's configuration programs use when setting permissions, select Security in YaST. To learn more about the topic, read the comments in /etc/permissions or consult the manual page of chmod (man chmod).
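The permissions files described above list one entry per line in the layout "path owner:group mode". The following is an added example, not code from the manual or from SUSE's own permissions tooling: it parses a constructed line in that layout and then compares a file's actual mode bits against the policy, reporting specifically the two deviations the text singles out, an unexpected setuid bit and unexpected world-writability. The check_fixture() helper, the PERM_* flag names and the /tmp scratch path are assumptions made for this example so that it can be exercised without touching real system binaries.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* One entry in the layout used by the /etc/permissions* files:
 *     /path/to/file   owner:group   mode
 * mode is octal and may carry setuid (4000), setgid (2000) and sticky (1000). */
struct perm_entry {
    char path[256];
    char owner[64];
    char group[64];
    mode_t mode;
};

/* Parse one line. Returns 0 on success, -1 for comments, blank lines and
 * anything that does not carry the three expected fields. */
int parse_perm_line(const char *line, struct perm_entry *e)
{
    char ownergroup[128], modestr[16], *colon, *end;
    unsigned long m;

    if (line[0] == '#' || line[0] == '\n' || line[0] == '\0')
        return -1;
    if (sscanf(line, "%255s %127s %15s", e->path, ownergroup, modestr) != 3)
        return -1;
    if ((colon = strchr(ownergroup, ':')) == NULL)
        return -1;
    *colon = '\0';
    snprintf(e->owner, sizeof e->owner, "%s", ownergroup);
    snprintf(e->group, sizeof e->group, "%s", colon + 1);
    m = strtoul(modestr, &end, 8);
    if (*end != '\0' || m > 07777)
        return -1;
    e->mode = (mode_t)m;
    return 0;
}

/* Convenience wrapper: the parsed mode, or -1 if the line is not an entry. */
long parsed_mode(const char *line)
{
    struct perm_entry e;
    return parse_perm_line(line, &e) == 0 ? (long)e.mode : -1;
}

/* Flags returned by check_file_mode(): why a file disagrees with policy. */
enum {
    PERM_OK                = 0,
    PERM_MODE_DIFFERS      = 1,  /* any difference in the 07777 bits */
    PERM_UNEXPECTED_SETUID = 2,  /* setuid set although policy does not grant it */
    PERM_WORLD_WRITABLE    = 4,  /* o+w set although policy does not grant it */
    PERM_STAT_FAILED       = 8
};

int check_file_mode(const char *path, mode_t expected)
{
    struct stat st;
    mode_t actual;
    int flags = PERM_OK;

    if (stat(path, &st) != 0)
        return PERM_STAT_FAILED;
    actual = st.st_mode & 07777;
    if (actual != expected)
        flags |= PERM_MODE_DIFFERS;
    if ((actual & S_ISUID) && !(expected & S_ISUID))
        flags |= PERM_UNEXPECTED_SETUID;
    if ((actual & S_IWOTH) && !(expected & S_IWOTH))
        flags |= PERM_WORLD_WRITABLE;
    return flags;
}

/* Fixture (assumption for this example, not part of any policy file): create a
 * scratch file in /tmp with mode `actual`, check it against `expected`, remove
 * it and return the flags; -1 if the scratch file could not be created. */
int check_fixture(mode_t actual, mode_t expected)
{
    static int counter = 0;
    char path[64];
    int fd, flags;

    snprintf(path, sizeof path, "/tmp/permcheck-%ld-%d", (long)getpid(), counter++);
    if ((fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    close(fd);
    if (chmod(path, actual) != 0) { unlink(path); return -1; }
    flags = check_file_mode(path, expected);
    unlink(path);
    return flags;
}

int main(void)
{
    /* Constructed sample line in the /etc/permissions.secure layout. */
    printf("parsed mode: %04lo\n", parsed_mode("/usr/bin/passwd   root:shadow   4755\n"));
    printf("setuid where none expected: flags %d\n", check_fixture(04755, 0755));
    printf("world-writable where none expected: flags %d\n", check_fixture(0666, 0644));
    printf("matching mode: flags %d\n", check_fixture(04755, 04755));
    return 0;
}
```

On a SUSE system the tool that actually applies these files is chkstat, from the permissions package; the example above only reproduces the comparison step so that the meaning of an entry is visible. Note that it compares mode bits only: a complete check also verifies the owner and group named in the entry, since a setuid binary owned by a non-root user grants only that user's privileges.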
50.1.5 Buffer Overflows and Format String Bugs
Special care must be taken whenever a program processes data that can be changed by a user, though this is more an issue for the programmer of an application than for regular users. The programmer must make sure that the application interprets data correctly, without writing it into memory areas that are too small to hold it, and must hand data over to other components in a consistent manner, using the interfaces defined for that purpose.
A buffer overflow happens when the actual size of a memory buffer is not taken into account while writing to it. Data generated by the user may take up more space than the buffer provides, so it is written beyond the end of the buffer. Under certain circumstances this makes it possible to have the program execute instruction sequences chosen by the user rather than by the programmer, instead of merely processing the user's data. A bug of this kind may have serious consequences, especially if the program is executed with special privileges (see Section 50.1.4, "File Permissions" (page 892)).
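The two programmer-side mistakes this section names, copying user data into a buffer without regard to its size and (per the section heading) using user data as a format string, look like this in C. The following is an added example, not code from the manual: greet_unsafe() shows the vulnerable pattern for contrast and is never called, while would_overflow(), copy_bounded() and greet_safe() show the checks that prevent it. The function names, the 16-byte NAME_MAX_LEN and the "Hello, " prefix are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed buffer size for the example */

/* VULNERABLE (for contrast only, never called): the size of `name` is not
 * checked, so input longer than 15 bytes is written past the end of the
 * buffer; and the user's bytes are handed to printf() as the format string,
 * so "%x" reads the stack and "%n" writes to memory. */
void greet_unsafe(const char *user_input)
{
    char name[NAME_MAX_LEN];
    strcpy(name, user_input);   /* no bound: buffer overflow */
    printf(user_input);         /* user data interpreted as a format */
    printf("\n");
}

/* 1 if `src` (with its terminator) does not fit into `buflen` bytes, i.e. if
 * an unbounded copy into such a buffer would overflow. */
int would_overflow(size_t buflen, const char *src)
{
    return strlen(src) + 1 > buflen;
}

/* Bounded copy: never writes more than dstlen bytes and always terminates.
 * Returns the number of characters copied (truncation is visible to the
 * caller by comparing against strlen(src)), or -1 if dstlen is 0. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dstlen == 0)
        return -1;
    n = strlen(src);
    if (n >= dstlen)
        n = dstlen - 1;   /* truncate rather than overflow */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Hardened version: over-long input is rejected instead of overflowing, and
 * the user string is passed as an argument to a fixed format, so "%x" or
 * "%n" inside it are printed literally. Returns the snprintf() result, or
 * -1 if the input was rejected. */
int greet_safe(char *out, size_t outlen, const char *user_input)
{
    char name[NAME_MAX_LEN];
    if (would_overflow(sizeof name, user_input))
        return -1;
    copy_bounded(name, sizeof name, user_input);
    return snprintf(out, outlen, "Hello, %s", name);
}

int main(void)
{
    char out[64];
    /* Constructed inputs: a format-string probe and an over-long name. */
    if (greet_safe(out, sizeof out, "%x%x%n") > 0)
        printf("%s\n", out);                     /* prints Hello, %x%x%n */
    if (greet_safe(out, sizeof out, "AAAAAAAAAAAAAAAAAAAAAAAA") < 0)
        printf("rejected: name longer than %d bytes\n", NAME_MAX_LEN - 1);
    return 0;
}
```

The essential difference is that greet_safe() never lets the length of user input or its contents decide what the program writes or how printf() interprets its arguments; if the program runs setuid root, as discussed under File Permissions, the unsafe variant hands that decision, and root's privileges, to the user.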
Security and Confidentiality
893