19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Threats Catalogue Deliberate Acts Remarks

T 5.20 Abuse of Administrator rights

Abuse of Administrator rights occurs when superuser (root) privileges, acquired either rightfully or illicitly, are deliberately used to harm the system or its users.

Example:

Since root in UNIX systems is not subject to any restrictions, the Administrator is able to read, modify or delete any file, regardless of access rights. Moreover, he can assume the identity of any user of his system, without this fact being perceived by any other user; thus, it is possible for him, by feigning another person's identity, to send mail messages or to read and/or delete mail messages intended for others.

There are a number of ways in which superuser privileges can be abused. These include misuse of incorrectly administered superuser files (files with root as owner and s-bit set) and of the su command.

Automatic mounting of exchangeable data media can also constitute a threat, since as soon as the medium is placed in the drive, it is mounted. Then anybody has access to the files stored there. If any s-bit programs are stored on the mounted drive, any user can obtain superuser rights.
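An audit for the two exposures described above (root-owned files with the s-bit set, and mounted media on which the s-bit is honoured), as an added example that is not part of the manual. It assumes a Linux-style mount table in /proc/mounts format and the `nosuid` mount option; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual): audit for s-bit exposure.
# Assumes a Linux-style mount table (/proc/mounts format).

# mounts_without_nosuid FILE
# Print every mount point whose option list lacks "nosuid", i.e. where an
# s-bit program stored on the medium would be honoured by the kernel.
mounts_without_nosuid() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            proc|sysfs|devpts|cgroup*) continue ;;   # kernel pseudo file systems
        esac
        case ",$opts," in
            *,nosuid,*) ;;                           # s-bit ignored here
            *) printf '%s\n' "$mnt" ;;
        esac
    done < "$1"
}

# setuid_files DIR [OWNER]
# List regular files below DIR (same file system only) that are owned by
# OWNER (default: root) and have the set-user-ID bit set.
setuid_files() {
    find "$1" -xdev -type f -user "${2:-root}" -perm -4000 2>/dev/null
}

# audit_sbit FILE
# For each mount without nosuid, print "mountpoint<TAB>file" per root-owned
# s-bit file, for comparison against the list of programs expected to have it.
audit_sbit() {
    mounts_without_nosuid "$1" | while read -r mnt; do
        setuid_files "$mnt" | while read -r f; do
            printf '%s\t%s\n' "$mnt" "$f"
        done
    done
}

# Typical call on a Linux host:  audit_sbit /proc/mounts
```

Any removable-media mount point reported by `mounts_without_nosuid` is a candidate for remounting with `nosuid`, and any file reported by `audit_sbit` that is not on the expected list needs review.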

Depending on the UNIX version and the hardware used, if the console can be accessed then it is possible to activate monitor mode or else to boot up in single-user mode. This allows the configuration to be manipulated.

A software error could mean that a given application is only able to process a limited amount of data. If too much data or too many parameters are passed to this application, areas of main memory could be overwritten with alien code. This could result in commands being executed with the rights of the application. This was possible, for example, under SunOS 5.5 with the command eject, which possessed SetUID rights that were to all intents and purposes equivalent to superuser rights.

IT-Baseline Protection Manual: October 2000

No restrictions for root<br />

Superuser files<br />

Automatic mounting<br />

Access to the console<br />

Software errors
