ECN No Name Newsletter: January, 1989

The ECN No Name Newsletter is no longer being published. This is an archived issue.


Security Problems

Philip R. Moyer

There have been some problems recently with insecure user accounts on ECN hosts. It is important that we solve these problems because user files are in danger of being changed or destroyed. These problems fall into two categories:

Password Problems

One of the favorite methods of breaking into systems is guessing passwords, and a number of ECN system users have chosen poor passwords. A security program run on several ECN hosts managed to guess a large number of user passwords. If you have a poorly chosen password, you need to change it to something better.

Poor passwords that are frequently used are:

Good passwords are random sequences of letters and digits with mixed upper- and lower-case characters. Choosing a sentence or phrase and using the first letter of each word is a good way to choose a difficult-to-guess yet easy-to-remember password. For example, "I'd fly to the moon for you" could yield If2Tm4U. It is very unlikely such a password would be guessed.

Passwords can be changed using the passwd(1) command. If you wish to change your password on every ECN machine where you have an account, use the -n option by typing "passwd -n". Passwords should be changed frequently (every two or three months), regardless of whether the user has noticed any unusual activity. Passwords should never be written down.

Mode Problems

UNIX system file mode problems are as dangerous as password problems because malicious users can use them in a much more subtle manner than mere password guessing. If a malicious user guesses a password, they must log in using that account, and that leaves an audit trail. If, however, a directory or file is set with improper modes, another person doesn't have to guess your password! You have left your files open, and anyone can access and alter them, leaving virtually no audit trail at all.

If you have questions about permission codes read the article, Understanding Permission Code on page 11 or ECN #101 Beginner's Notes, section 5.

Two mode problems frequently found on the ECN systems are where users have set important files or directories to mode 777. (Mode 777 is where everyone with access to the system has permission to read (copy), write (alter), and execute your files.) The problems are:

  1. mode 777 on important files
  2. mode 777 on HOME directories

The first problem listed basically gives any user on the system the power to do anything the target user can do. For example, a malicious user can edit the target's .login, when it is foolishly set to mode 777, and add commands that will remove the target's files the next time he/she logs in. It is as simple as typing "vi ~foo/.login". It is just as easy to break into an account using any of the other "dot" files listed above.

Users who have their HOME directories set to mode 777 are asking for the same kind of trouble. Any user on the system can write in a mode 777 directory, which means they can put any file there they want. A common trick for someone trying to compromise the account is to use a "trojan horse". A frequent trojan horse attack makes use of the ls command. The malicious user finds a mode 777 HOME directory and puts a file there with the name "ls". This "ls" file is a shell script that (a) performs some action the malicious user wants done, (b) then executes the real UNIX ls command, and (c) then edits out any reference to the trojan horse "ls" file. A common trojan trick is to add a login to the target's .rhosts file. Once this is accomplished, the malicious user can log in to the target's account whenever desired.

Contrary to popular belief, setting file modes to 644 in a mode 777 directory does not protect the file. A malicious user can copy, edit, and remove a file from the target directory and then write his/her modified version back in.

The solution to the mode problem is simple. Use the chmod(1) command to make the modes on the files in question more secure. HOME directories and user files should not be world-writable or group-writable (if they're owned by group other). By default, HOME directories are created mode 700, which doesn't allow anyone but the owner access to the directory. If users want to change the modes so other users can see their files, they can change the modes to 755, which allows others read and execute permission for the contents of the directory. There are two common modes for normal files: 600 and 644. Mode 600 files are visible and accessible only to the owner, while mode 644 files can be read by others on the system. To change modes on a HOME directory, cd to the directory and use the chmod command. For help in using the chmod command, type "man chmod".
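The audit and repair described above, written out as a POSIX shell script. This is an added example, not code from the ECN newsletter; it assumes only sh, find(1), chmod(1) and ls(1), and the sample HOME directory it builds (user "foo", a .login, a .rhosts and a src directory) is constructed here for illustration. It finds every file or directory that group or other can write, then applies the article's recommendation: 755 on the HOME directory, 600 on the startup "dot" files, and no group/other write bit anywhere else, while leaving deliberately shared read access (644, 755) alone.

```shell
#!/bin/sh
# Added example, not part of the ECN newsletter. Audits a HOME directory for
# the two mode problems the article describes (world-writable dot files and a
# world-writable HOME) and repairs them with chmod(1).

# List every path under $1 (the directory itself included) that is writable
# by group or other. "-perm -0002" matches whenever the o+w bit is set,
# whatever the other bits are, so modes 777, 666 and 646 all match.
list_writable_by_others() {
    find "$1" \( -perm -0002 -o -perm -0020 \) -print
}

# The same query as a count, for a quick yes/no check.
count_writable_by_others() {
    list_writable_by_others "$1" | wc -l | tr -d ' '
}

# First ten characters of "ls -ld", e.g. "drwxr-xr-x"; portable across
# GNU and BSD ls, unlike the differing stat(1) flags.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Tighten a HOME directory the way the article recommends:
#   * the directory itself becomes 755 (others may list and traverse it,
#     but only the owner may create, remove or rename entries),
#   * the startup "dot" files (.login, .cshrc, .profile, .rhosts, ...) become
#     600, because anyone who can write them runs commands as the owner,
#   * everything else only loses its group/other write bits, so shared
#     read access (644 files, 755 directories) is kept.
harden_home() {
    dir="$1"
    chmod 755 "$dir"
    for f in "$dir"/.[!.]*; do
        if [ -f "$f" ]; then
            chmod 600 "$f"
        fi
    done
    find "$dir" \( -perm -0002 -o -perm -0020 \) -exec chmod go-w {} +
}

# Build a constructed sample HOME showing both problems from the article:
# mode 777 on the directory and on .login, a 666 .rhosts, and a 644 source
# file that the 777 mode of its directory leaves exposed anyway.
demo_home() {
    d="$1"
    mkdir -p "$d/home/foo/src"
    printf 'setenv PATH /usr/ucb:/bin:/usr/bin\n' > "$d/home/foo/.login"
    : > "$d/home/foo/.rhosts"
    printf 'main(){}\n' > "$d/home/foo/src/prog.c"
    chmod 777 "$d/home/foo" "$d/home/foo/.login" "$d/home/foo/src"
    chmod 666 "$d/home/foo/.rhosts"
    chmod 644 "$d/home/foo/src/prog.c"
    printf '%s\n' "$d/home/foo"
}

# Usage: sh audit_home.sh run   (builds the sample, audits it, repairs it)
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp -d)
    h=$(demo_home "$tmp")
    echo "before: $(count_writable_by_others "$h") entries writable by others"
    list_writable_by_others "$h"
    harden_home "$h"
    echo "after:  $(count_writable_by_others "$h") entries writable by others"
    ls -la "$h"
    rm -rf "$tmp"
fi
```

On a real account, run list_writable_by_others against $HOME first and read the output before letting harden_home change anything; a directory you share on purpose with a group should get 775 by hand rather than the blanket go-w this script applies.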

Additional Security

Another concern is the physical security of logged-on terminals. Users may get up from their terminals and walk to the next room to pick up printouts. While their terminals are unattended, they are available for anyone to use. Users should not leave their terminals without locking them! The manual page for lock(1) provides additional information. Similarly, users should not type their password when others may be watching.

Lastly, users should not give their password to anyone, or "let a friend use their account." Account sharing is a security breach and is in violation of department regulations and licensing agreements.


webmaster@ecn.purdue.edu
Last modified: Thursday, 30-Oct-97 18:18:41 EST
