Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 907
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION:
- Manual (184 pages) ,
- Supplementary manual (50 pages) ,
- Quick manual (12 pages)
Table of Contents
Advertisement
The permissions of all files included in the SUSE Linux Enterprise distribution are
carefully chosen. A system administrator who installs additional software or other files
should take great care when doing so, especially when setting the permission bits. Ex-
perienced and security-conscious system administrators always use the -l option with
the command ls to get an extensive file list, which allows them to detect any incorrect
file permissions immediately. An incorrect file attribute does not only mean that files
could be changed or deleted. These modified files could be executed by root or, in
the case of configuration files, programs could use such files with the permissions of
root. This significantly increases the possibilities of an attacker. Attacks like this are
called cuckoo eggs, because the program (the egg) is executed (hatched) by a different
user (bird), just like a cuckoo tricks other birds into hatching its eggs.
A SUSE Linux Enterprise system includes the files permissions, permissions
.easy, permissions.secure, and permissions.paranoid, all in the direc-
tory /etc. The purpose of these files is to define special permissions, such as world-
writable directories or, for files, the setuser ID bit (programs with the setuser ID bit set
do not run with the permissions of the user that has launched it, but with the permissions
of the file owner, in most cases root). An administrator can use the file /etc/
permissions.local to add his own settings.
To define which of the above files is used by SUSE Linux Enterprise's configuration
programs to set permissions accordingly, select Local Security in the Security and Users
section of YaST. To learn more about the topic, read the comments in /etc/
permissions or consult the manual page of chmod (man chmod).
49.1.5 Buffer Overflows and Format String
Bugs
Special care must be taken whenever a program is supposed to process data that can or
could be changed by a user, but this is more of an issue for the programmer of an appli-
cation than for regular users. The programmer must make sure that his application in-
terprets data in the correct way, without writing it into memory areas that are too small
to hold it. Also, the program should hand over data in a consistent manner, using the
interfaces defined for that purpose.
A buffer overflow can happen if the actual size of a memory buffer is not taken into
account when writing to that buffer. There are cases where this data (as generated by
Security and Confidentiality
889
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION
Related Products for Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION
- NOVELL BUSINESS CONTINUITY CLUSTERING 1.0 - ADMINISTRATION
- NOVELL CLIENT 1.0 FOR LINUX - README
- NOVELL SENTINEL LOG MANAGER 1.0.0.4 - S
- NOVELL SENTINEL LOG MANAGER 1.0.0.5 - S
- NOVELL ZENWORKS 10 ASSET MANAGEMENT SP3 - MIGRATION GUIDE 10.3 23-03-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - COMMAND LINE UTILITIES REFERENCE 10.3 30-03-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - PREBOOT SERVICES AND IMAGING REFERENCE 10.3 16-04-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - ZENWORKS REPORTING SERVER 10.3 30-04-2010
- NOVELL ZENWORKS 7.2 LINUX MANAGEMENT - SCENARIOS 1 03-30-2007
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 9.3 - ADMINISTRATION 10-2007
- Novell SUSELINUX ENTERPRISE DESKTOP 10 KDE
- Novell SUSE LINUX ENTERPRISE DESKTOP 10 SP1 KDE
- Novell LINUX ENTERPRISE 10 SP1 - LINUX AUDIT
- NOVELL BUSINESS CONTINUITY CLUSTERING FOR NETWARE 1.1 - ADMINISTRATION
- NOVELL DATA SYNCHRONIZER - UPDATE 1
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE