Third Set of Questions


Question:
How secure is Linux compared to Windows or the MacOS. Which operating system offers the best security features?

Response:
This depends on what you consider secure. Each system was designed with different goals. Security is a specific goal of Windows NT and Windows 2000. The MacOS was not designed with security in mind and, until MacOS 9, was intended for single user systems. MacOS X is built on top of a BSD-flavor kernel, so it has more security features. But, like Linux, the BSD systems were not designed with security as a primary goal.

The bottom line is that all three systems offer security features designed for different purposes. Of them, only Windows had security as a specific design goal. But all can have excellent to terrible security, depending on how one configures them. So I think any claim that "Linux is more secure than Windows" or "Windows is more secure than Linux" is too ill-posed to be answered.


Question:
Child labor laws allow minors to start working at age 14. However, the laws also don't hold minors accountable for their actions. Most of the time, parents are accountable for their children's actions. If an organization hires a minor to do penetration testing, that minor can't sign a "License to Hack" agreement that is legally binding. If that minor should get into trouble, who is held responsible for damages? The parents or the people who hired him?

Response:
I don't know the law in this area. But I suspect the company could be in trouble too, for teaching (or helping) a minor to break into systems. :-)

In general, penetration testers are not minors. Companies want an established record of expertise and personal and professional integrity before they will hire someone for this sort of thing. The risks are too great to do anything else.


Question:
In the security realm, hackers are greatly despised. However, the number of attackers are growing, thanks to the popular Internet. Many web sites related to hacking exist on the Internet. And there is no doubt that interested attackers will go on these sites and learn about various hacking techniques. So, to reduce the risks of security break-ins, shouldn't laws be passed to ban such web sites? Even web sites that distribute free MP3s were banned! Shouldn't we just bypass the First Amendment in order to safeguard against security harm?

Response:
Ignoring the civil liberties arguments about restricting the application of the First Amendment, bypassing it would not change the situation in the slightest. Suppose for a moment all such Web sites were declared illegal under U. S. law. How would you enforce it against the sites in Denmark, Russia, and Bulgaria that also have this information? Further, it's not just the nasty folks who go to these sites to learn about problems. System administrators, educators, and researchers gather sample tools and data from them too. And I suspect the information would continue to circulate, only in less accessible places.

Incidentally, there is an international debate on a subject close to this. The Draft Convention on Cyber-crime contains some wording that may encourage signatories to make possessing tools used to break into computer systems illegal under some circumstances. A group of computer security experts have drafted a Statement of Concerns abour the current wording. The treaty, and the concerns, make interesting reading. The Awareness Program for the Draft Convention on Cyber-Crime has relevant information as well.


Question:
Don't most modern systems use /etc/shadow to hold the actual passwords?

If I recall correctly, there is an "x" in the password file to indicate that the password is in shadow. so, does that x have to be there? ie, if one can remove that, does that mean no password?

What I'm getting at is a lot of the hacks to get root access depended on overwriting the password file. and on the systems I've seen shadow, it's 400 so not even root can overwrite it. An attacker would need to access chmod (or equiv) before overwriting (as in the lpr exploit).

So, in general, if the file holding passwords (be it shadow or passwd) has no write privileges for anyone, does that indeed protect against exploits by overwriting? (ie, one needs a root shell or at least a way to change permissions?)

Response:
First, root can overwrite files even if their protection mode is 400 (r--------). The system does not apply any access controls to root. (It does apply type checking, so root cannot do a write(2) on a directory object, because it's of the wrong type.)

Second, there are a large number of vulnerabilities that allow an attacker to become root that do not involve overwriting the password/shadow file, so even if you were to make that file unwritable by root, it wouldn't protect you. (Also, how could users change their passwords in that case?)


Question:
How do you protect employees' emails and personal information from the employers or the system administrator?

Response:
Basically, you don't put that information on the system. If you don't trust a superuser, then you have no security, and anything you do can be monitored, read, or altered.


Matt Bishop
Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: [email protected]
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 10/27/2000