Common Directories and Libraries
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Most systems have common use areas, such as the `/tmp',
`/usr/tmp', and `/usr/local' areas. These are used by programs for
temporary storage, or by programmers or program installers to put
programs designed for other users to use into a common access area.
This is efficient because it reduces the size of the search path, and
separates systems information from local customizations.
Problem:
The problem comes when users can put executable programs,
libraries, and other information into the search path of many other
users. This allows Trojan horses and spoofing programs to be easily
introduced. It also allows users to modify programs placed into
common areas by other users. For example, temporary areas are used to
store intermediate results during compilation. Since these areas are
accessible to any user, any user can modify another user's program
during compilation.
Prevention:
There is no way to prevent this in most UNIX systems,
but if we educate users about this problem and provide proper defaults
for the path variable, we can prevent most such problems.
Detection:
This problem could be detected by integrity provisions in
each program accessing the common use areas, but no standard UNIX
program provides this sort of mechanism at this time.
Cure:
If you find such an induced problem, you can replace the corrupt
information.
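One way to check a path variable for the exposure described above, given as an added example that is not part of the original text; the function name audit_path and the wording of its findings are assumptions made here. It flags relative entries and directories that are writable by, or owned by, someone other than root or the invoking user.

```shell
#!/bin/sh
# Added example (not from the original text): audit a PATH-style string for
# entries where another user could plant or replace a program.
# Prints one "<reason>: <entry>" line per finding; prints nothing if clean.
audit_path() (
    set -f              # no glob expansion while splitting
    IFS=:               # split on ':' only; empty fields are preserved
    me=$(id -u)
    p=$1:               # trailing ':' keeps a final empty field visible
    for dir in $p; do
        case $dir in
            /*) ;;
            *)  # "", "." and other relative names resolve against the
                # current directory, which may be a shared area like /tmp.
                echo "relative entry: '$dir'"; continue ;;
        esac
        [ -d "$dir" ] || continue       # nonexistent entries are skipped
        # ls -ldLn: follow symlinks, numeric owner: "drwxrwxrwt 9 0 0 ..."
        line=$(ls -ldLn "$dir") || continue
        mode=$(printf '%s' "$line" | cut -c1-10)
        owner=$(printf '%s' "$line" | awk '{print $3}')
        # The sticky bit (as on /tmp) stops users deleting each other's
        # files but not adding new ones, so it does not clear the finding.
        case $mode in
            ????????w?) echo "world-writable: $dir" ;;
        esac
        case $mode in
            ?????w????) echo "group-writable: $dir" ;;
        esac
        if [ "$owner" != 0 ] && [ "$owner" != "$me" ]; then
            echo "owned by uid $owner: $dir"
        fi
    done
)

# Audit the search path of the current session.
audit_path "$PATH"
```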
Problem:
Spooling areas are also susceptible to attack, depending on the
protections used on those directories. Since many users have to be able
to spool output to printers, protection is commonly misapplied.
Prevention:
The setuid facility can be applied to secure these areas, but
you have to be careful with this facility as well.
Detection:
There is no obvious way to detect such problems, and almost certainly
no general purpose method of detection.
Cure:
If you can't detect the problem, it is very hard to eliminate it.