Activist Times, Inc.
Issue #35   March 29, 1989

Happy Birthday to The Operator (201)!!

YIPPIE!

ATI is a journalistic, causistic, cyberpolitical organization, trying to help y'all change the world radically, in less than two minutes ..of course!

4 more info? send SASE / stamps??? to:
    ATI
    P.O. Box 2501
    Bloomfield, NJ 07003

Note the new address! Of course.. The only difference is that your lovely correspondence will go to yours truly, Ground Zero.

Ok, here's some of the correspondence we've gotten lately. Keep the feedback coming. We love to hear from our readers, even if it's criticism.

:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.

From: Anonymous
Location: Unknown

Finally got all of ATI34... Just a few comments.

NJ Bell isn't "favoring" AT&T over the other carriers. It's merely engaging in the common business of selling information on its customers. Name one business that doesn't do this; I'll show you one missing out on a nice source of easy profit.

The New Age club: is it any worse than any of the politically correct movements (the New Age movement, that is)? A couple of days ago I went down to the low-rent/low-iq/high-crimerate section of town and started collecting some of the political posters. The following was taken from a flyer advertising a feminist rally to oppose pro-lifers:

    The Link Between Forced Reproduction and Forced Sterilization!
    Speaker: Elizabeth Thacker from the Revolutionary Communist Youth Brigade

I won't bother with the rest; it was a paranoid ramble about how white males were opposing abortion to force women into being sterilized as the only means of birth control.
I could give more examples, like a press statement from the NAACP regarding a recent civil rights decision by the federal government. The New Age movement is no worse than any other mass movement; in fact, by your standards they should be the best. Don't they show concern for the environment, the arms race, and poverty, and believe in Universal Love and all the other things your average 60's-leftover leftist advocates but has enough sense not to follow? Regarding the Tau Kappa Epsilon poster: was it any more frightening than the self-righteous censorship practiced by yourself and the other campus feminists?

Question yourself as well as others.

-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-

GZ's reply:

I do question myself, quite often, in fact. You brought up a good point about NJ Bell, which I can agree with. However, your reference to the "low rent/low-iq" part of town shows an obvious bias against the poor. And I am all too familiar with the Revolutionary Communist Youth Brigade, which often takes extreme stances on issues, but I must say that there truly have been many instances in which the poor have undergone forced sterilization. And you cannot deny the fact that regular means of birth control are not readily accessible by poor women. If these methods were available to poor women in the first place, there would be little need for abortions or sterilization. And as far as censorship of the TKE posters, I believe that I have the right to remove materials that are both extremely offensive and, more importantly, dangerous to women.

-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-

From: The Worm
Location: 203

I enjoy reading ATI very much. Are you the originator of this magazine?

:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:

GZ's reply:

No, Prime Anarchist (203) was the originator of ATI last summer.
When he went into the Army last November, I took over the writing and distribution, along with Fah-Q and The Operator (201) and our staff, consisting of Cygnus (203) and The Happy Hacker (412), and other occasional contributors. Thanks for your continued support!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Ok, now for something that I think you'll enjoy. We don't have the Doc Telecom/Raider article ready yet, so we will grace you with an article on UNIX which we hope you'll find very informative. Don't flinch, just read it. Maybe you'll learn something..

"Striving for Unix Security"
Typed in by Nightcrawler for Activist Times, Inc.
Originally presented in Computerworld -- March 20, 1989

Last November's well-publicized worm attack struck more than Internet's Unix-based electronic mail system. The operating system and AT&T, its major developer, are also suffering from the impact. Other potential victims may be corporations and governments that have accepted Unix for its functionality and portability.

Unix has a reputation for being insecure. But is it inherently insecure? The question has enormous economic, political and technological sensitivity, but it and others must be answered. The facts are that Unix's security depends on the version of the operating system being used, what the systems administrator has established as controls, and what pressures for security improvements develop from the government, corporations and even AT&T.

What are the security problems associated with using the Unix operating system? How can IS best safeguard information running on Unix-based systems? What specific approaches to improving the security of Unix systems will be effective?

"Unix popularity"

Secure or not, there is no doubt that Unix is popular. The results of a recent survey of Unix users indicate that the reasons for Unix's growing popularity among users range from its portability and cost-effectiveness to its proven success in other organizations.
Certain companies have little choice in whether to select Unix, because the software programs best suited for their needs are often Unix-based. According to the survey, the biggest barriers to increasing Unix usage are the lack of trained technical expertise, the lack of compatibility and the lack of application software. Framingham, Mass.-based market research firm International Data Corp. has cited the lack of proven commercial and application software performance and the standards confusion as also working against Unix.

Interestingly, security was not mentioned once in the survey results, even though the questions were asked in December, during the height of the publicity surrounding the Internet virus attack. Yet security obviously should be a concern to the more than two-thirds of the respondents who indicated that they were using communications links between Unix and non-Unix systems for file transfer, terminal emulation, Transmission Control Protocol/Internet Protocol, and E-mail.

Unix's popularity is partly because of the variety of Unix-based products out today. But because of the independent development work that has been done on Unix, the user is often faced with the fact that one Unix product is not always the same as another. In reality, there are a number of Unix versions that share only certain features and security vulnerabilities.

Unix's ready availability and portability have caused it to be the operating system of choice for both academicians and new companies developing computer systems. Vendors that use it as the operating system for a hardware platform tailor Unix to suit their own needs. Usually this tailoring occurs inside the kernel.

"What is Unix, really?"

Unix is composed of a set of tools and applications that run on top of a base, or kernel, that handles the low-level functions. The tailoring inside the kernel would not be readily visible to users even though it may be extensive.
For example, Unix is notorious for having a file system that is hard to repair and maintain. Thus, some vendors completely rewrite the file system internals in hope of improving their market edge and the stability of their system. While that vendor's system may be better, the result is that Unix often becomes a label on a set of services that appear to be the same to the user but are in fact very different inside.

The University of California at Berkeley has become the center for much of the academic development that is now the basis for one of the two major versions of Unix available in the market -- Unix Version 4.2. The other is AT&T's Unix System V, whose latest release -- Version 3.2, available since last fall -- contains major improvements in security.

The Berkeley and AT&T versions are similar in some ways, but they are different enough to cause confusion. While many of the basic tool kits are the same, there are enough significant differences to warrant a partitioning of the market. Some vendors have chosen System V, and others have chosen 4.2. Not all of the applications running on one system run on the other.

The industry has recognized these problems and has, for this and other reasons, tried to organize a "standard" Unix. There are competing organizations trying to create the standard Unix, including the Open Software Foundation (OSF), Unix International, Inc., the Institute of Electrical and Electronics Engineers (IEEE) in association with the National Institute of Standards and Technology (NIST) and X/Open Consortium Ltd. The hope is that standardization will help make the operating system more consistent and thus more secure.

As the standardization and security certification efforts heighten, more and more inspection of the development process and the structure of the actual code will be required. So far, the lack of development controls has created a potential for undesirable code to reside within the system and to be difficult to find.
But these weaknesses may also portend Unix's greatest strength: The operating system's very openness and the scrutiny devoted to it will make it difficult for the bugs to remain in place forever. Since no single vendor has control over Unix, no single vendor can control or cover up the problems. Over the next few years, most of the unknowns in Unix hopefully will be understood and repaired.

"Unix insecurity"

The fact remains that Unix does have many security vulnerabilities that are well known to computer and network managers. These weaknesses are also well known to hackers, computer hobbyists and others who may be interested in testing their technological skills. They have easy access to published articles, Unix documentation and bulletin-board information sources on back doors into Unix.

The Unix security problem is composed of Unix-specific and non-Unix-specific elements. Unix-specific security risks are those inherent in the architecture of the operating system and therefore are not likely to disappear from most existing Unix systems in the near future. Included in this classification are the "superuser" user category, which provides universal access, and the "setuid" and "setgid" system calls.

Non-Unix-specific security risks are those associated with the normal usage of computer systems and software. On a Unix system, these can lead to great damage because of how Unix functions. Included in this category are the risks in having software contain back doors or Trojan horses, as well as unsecured physical locations where networks, computer rooms, terminals, tapes and disks can be accessed by unauthorized persons.

"Unix-specific issues"

The inherent operating qualities of Unix create a vulnerability that opens the doors to some security attacks. For the Unix-proficient, these structures can be summarized in the superuser, setuid and setgid functions. A user who becomes a superuser is able to remove all the security barriers that exist within Unix.
Thus, one problem deals with keeping unauthorized users from becoming superusers. This problem is common to a variety of Unix systems and has a rather standard set of administrative solutions.

Many of the tools and utilities in Unix need to change modes into superuser for a brief period of time in order to reach some service that the system calls. When properly executed, these place the program executing them into superuser status. In most cases, such programs are well debugged and there is little risk of decreasing the stability of the system. However, the existence of a mechanism that allows the granting of unlimited privileges to some programs can be easily exploited. The exploitation can occur through poor design or through maliciousness. There are many documented cases of poorly debugged and/or maliciously designed programs being run in this mode and creating inadvertent or intentional damage.

In one case, an administrator wrote a program that, among other things, allowed users to store information in certain privileged directories. The program used a file, itself in a privileged directory, to control the directories that were to be written into. Unfortunately, the file contained an entry for its own directory. A user saw this and rewrote the entire file, giving himself the ability to write into any directory in the system. Were he malicious, he could easily have placed viruses, Trojan horses, back doors, or other programs in any system or user directory.

Thus, any program capable of reaching superuser status needs to be carefully managed and certified. In an environment that is open and free, what often happens instead is that software can be passed from one machine to another without proper certification. In one experiment, a researcher gave one such maliciously designed program to a nonprivileged Unix installation user and observed its migration to the status of a privileged program within a few days.
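The administrator's mistake in the story above can be caught mechanically before the privileged program is ever installed. The following POSIX shell script is an added example, not part of the Computerworld article or of ATI; it assumes a hypothetical control-file format of one absolute directory per line (blank lines and '#' comments ignored), and it builds its own sample control file in a temporary directory rather than touching anything on the system.

```shell
#!/bin/sh
# Added example (not from the Computerworld article or from ATI): a check
# for the allow-list mistake described above. A privileged program that
# writes into directories named in a control file must never let that
# control file's own directory, or any ancestor of it, appear in the list,
# and the control file itself must not be writable by ordinary users.
# Assumed (hypothetical) format: one absolute directory per line, blank
# lines and '#' comments ignored.

# Prints one finding per line. Always returns 0 so callers can count findings.
check_control_file() {
    ctl=$1
    case $ctl in
        */*) ctl_dir=${ctl%/*} ;;
        *)   ctl_dir=. ;;
    esac
    [ -n "$ctl_dir" ] || ctl_dir=/        # control file sits directly under /

    # A control file writable by group or others defeats the allow-list
    # outright: any user could rewrite it, as the user in the story did.
    perms=$(ls -ln "$ctl" | cut -c1-10)
    case $perms in
        ?????w*|????????w*)
            printf 'control file %s is writable by group or others (%s)\n' "$ctl" "$perms" ;;
    esac

    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            ''|'#'*) continue ;;
        esac
        entry=${entry%/}                  # treat /a/b/ and /a/b alike
        [ -n "$entry" ] || entry=/
        if [ "$entry" = "$ctl_dir" ]; then
            printf "entry %s is the control file's own directory\n" "$entry"
        elif [ "$entry" = / ]; then
            printf "entry / is an ancestor of the control file's directory\n"
        else
            case "$ctl_dir/" in
                "$entry"/*) printf "entry %s is an ancestor of the control file's directory\n" "$entry" ;;
            esac
        fi
    done < "$ctl"
    return 0
}

# Constructed sample: like the administrator's file in the story, it lists
# its own directory among the places users may write into.
make_sample_control_file() {
    base=$(mktemp -d)
    mkdir -p "$base/etc" "$base/spool/incoming"
    printf '# directories users may drop files into\n%s\n%s\n' \
        "$base/spool/incoming" "$base/etc" > "$base/etc/dropbox.conf"
    chmod 644 "$base/etc/dropbox.conf"
    printf '%s\n' "$base/etc/dropbox.conf"
}

# Usage: prints the single finding for the sample file.
check_control_file "$(make_sample_control_file)"
```

The ancestor test matters as much as the exact-match test: an entry for the parent of the control file's directory grants the same write access one level up, and an entry for / grants it everywhere. The check belongs in whatever installs or reloads the control file, so that a bad edit is rejected rather than silently honoured by the privileged program.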
Software travels quickly, and seemingly useful software travels even more quickly. Thus, while the mechanism within Unix can be safeguarded, it is more difficult to ensure that the people around Unix will act with the proper caution.

"Non-Unix-specific issues"

This scenario leads to the non-Unix-related aspects of security. There are two popular methods for attacking a computer system -- a Trojan horse and a back door. These two types of attacks are used in many types of systems, not just Unix systems.

A Trojan horse is a program that contains code whose instruction is to do some kind of damage. For all practical purposes, the program provides some useful service. However, it also contains logic that will do something other than what the program was intended to do. These Trojan horse programs have caused a variety of damage, ranging from corrupting files to surreptitiously sending files across a network to someone who otherwise would not have access to the transferred data.

A back door is similar to a Trojan horse except that it is a piece of code that is left behind to be triggered by an outside agent. The person who inserted the back door activates the code. Once activated, it responds to the commands of the intruder. The Internet virus in the Unix E-mail system allegedly came in through such a back door.

In Unix, these and similar attacks pose special dangers because, by judicious manipulation, the attacker can become a superuser and gain access to anything in the machine. These unsophisticated computer attacks can be very effective in Unix, more so than in some other systems.

"Other openings"

In addition to externally produced Trojan horses and back doors, two mechanisms within Unix are important to security. When users enter a command in Unix, the system searches for the program named by that command along a search list of names defined by the variable "PATH."
If this search list is altered in some fashion, everyday users can be invoking Trojan horse programs that are disguised to look like standard programs. In general, PATH is set up to search through a standard set of directories for the program. If PATH is altered to search through a directory that has not been allocated privileged status and does not belong to the user typing commands, then any program placed in that directory could be chosen before the standard program. Thus, one alteration to PATH can lead to an endless set of bogus programs.

A security audit product currently on the market uses such a technique to determine if the security of the system has been breached. The security audit program masquerades as the common utility "ls." When "ls" is invoked, a security audit is done in addition to the normal work "ls" usually performs. While this use of the mechanism is for security reasons, other uses may not be for that purpose. Ensuring that PATH is not altered can control accidental triggering of malicious programs.

The second major security concern found within Unix is the connection of the system to the network. Unix systems, by and large, tend to be connected to networks. However, besides their valuable use as user and data connectors, networks can also be thought of as vehicles for bringing in uncertified software and sending out private data.

Unix has many tools that will allow it to become part of the growing community of network users within the industry. The Unix-to-Unix Copy Program is one such mechanism that allows the system to send and receive mail and script files from users on other systems. In addition, network file systems represent another threat by requiring users to reach across the network for their file systems. This intimate link between users and their file systems can potentially be more easily intercepted than when this communication takes place within a single internal system.
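"Ensuring that PATH is not altered" is something an administrator can script. The following POSIX shell script is an added example, not part of the Computerworld article or of ATI: it walks a PATH value entry by entry and reports the conditions the article warns about, namely a search directory that is not privileged and does not belong to the user typing commands, plus the empty and relative entries that amount to the same thing. It assumes root (uid 0) and the invoking user are the only trusted owners, and it constructs its own sample directories under a temporary path.

```shell
#!/bin/sh
# Added example (not from the Computerworld article or from ATI): audit a
# PATH value for the alteration described above, i.e. a search directory
# that someone other than root or the user could populate with a program
# named "ls". Assumptions: the PATH string is the first argument; root
# (uid 0) and the invoking user are the only trusted owners.

# Prints one finding per line. Always returns 0 so callers can count findings.
audit_path() {
    me=$(id -u)
    rest="$1:"                            # trailing ':' makes the loop uniform
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')  printf 'empty entry: the current directory is searched\n'; continue ;;
            /*)  ;;
            *)   printf 'relative entry %s: resolves to a different place in every working directory\n' "$entry"; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            printf 'missing entry %s: whoever can create it later controls it\n' "$entry"
            continue
        fi
        line=$(ls -ldn "$entry")
        perms=$(printf '%s\n' "$line" | cut -c1-10)
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        case $perms in
            ?????w*|????????w*)
                printf 'entry %s is group- or world-writable (%s): anyone there can add a look-alike program\n' "$entry" "$perms" ;;
        esac
        if [ "$owner" != 0 ] && [ "$owner" != "$me" ]; then
            printf 'entry %s is owned by uid %s, neither root nor you\n' "$entry" "$owner"
        fi
    done
    return 0
}

# Constructed sample PATH: a private bin directory (fine), a sticky
# world-writable directory like /tmp, a relative entry, and a trailing
# empty entry.
make_sample_path() {
    base=$(mktemp -d)
    mkdir "$base/bin" "$base/pub"
    chmod 755 "$base/bin"
    chmod 1777 "$base/pub"
    printf '%s:%s:lib/tools:\n' "$base/bin" "$base/pub"
}

# Usage: prints three findings for the sample, none for a trusted PATH.
audit_path "$(make_sample_path)"
```

Two details are easy to overlook. A trailing colon or a doubled colon in PATH is an empty entry, which the shell treats as the current directory, so a user who changes into someone else's directory and types "ls" runs whatever is there. And the sticky bit on a world-writable directory does not help: it stops users deleting each other's files, not adding new ones, so a directory like /tmp is unsafe in PATH no matter what its tenth permission character says. Run the check from login scripts or from a cron job against each account's PATH, and treat any finding as a configuration defect to fix, not a curiosity.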
The network in effect puts the Unix system out in the open, where it may be more vulnerable to access attempts. Network connectivity also creates a need for adequate physical security. Many precautions must be taken to provide enough security for a Unix system, just as for any other system. While Unix's physical security requirements are no different from any other system's, the availability of ways to connect to other systems over the network, local or worldwide, makes physical security harder to achieve than with other systems of lesser capability.

"Securing Unix"

While it may appear that Unix users are without protection, that is not the case at all. While Unix is not as strong as many in information security would like, newer versions of Unix have improved security, and additional tools are available to make Unix more secure. There are also future developments that will increase the ease of security management.

Systems using Unix can be better protected. Yet, they are only as secure as their systems administrators allow them to be. The security of any operating system can be attributed directly to how well that system has been administratively reviewed and secured. IS must set up accounts, create passwords, add new software to the systems and give access rights to various pieces of data. The dynamics of administering a system dictate ongoing change in the access and relationship of the various accounts, files and programs. Without careful and deliberate execution, the best automated mechanisms can be subverted.

Beyond the system administrators, the vendors of systems with known weaknesses also have responsibilities to pay more attention to system security. They need to provide information and pass on timely patches to their customers when holes are discovered in their systems.
They will have to work to increase their systems' security to stem lost sales opportunities as well as to prevent potential lawsuits, which, even if unsuccessful, can become public relations nightmares.

While there may not always be enough pressure put on vendors solely by corporations requiring a secure Unix, the federal government has been quite active in seeking ways to induce security within the vendor community. Over the next few years, the government will strengthen the security requirements of all the systems -- Unix or otherwise -- that it procures, and as commercial vendors comply with these regulations, these products will become available to the private sector. Thus, systems purchased in 1992 should, in all likelihood, have significant security improvements over today's systems.

In any case, the government-vendor cooperative relationship can be examined in a number of ways. The current conflict over standards affects Unix security, and that is what links the vendor community with the federal government, which holds a major stake in Unix security. (The government purchased $1.93 billion worth of Unix systems in 1988, with approximately two-thirds of that earmarked for the defense agency.) According to recent published reports, US Department of Defense officials are so concerned about the security aspects of both AT&T's System V and OSF's Unix offering that they may try to force the two groups together to come up with an acceptable operating system.

Recently, in response to the latest outbreak of computer viruses, the Defense Department formed the Computer Emergency Response Team (CERT). CERT is a group of experts who will be available to fly to federal sites around the nation to assist in fighting viruses. Last December, /Usr/Group, the Unix trade association, applauded the establishment of CERT and suggested that the computer industry supplement these government efforts by agreeing on standard procedures for dealing with emergencies such as viruses.
The user group recommended considering the best way to disseminate information when computer networks are artificially congested through viruses or other exceptional network problems.

The government also supports Unix security improvements through its testing procedures. In late 1986, the National Security Agency's National Computer Security Center studied a prototype secure system derived from AT&T's Unix System V, Release 2. The study assigned that system the B2 level of assurance requirements defined in the Trusted Computer System Evaluation Criteria (TCSEC). The study concluded that it is possible to build a B2, B3 or A1 system with an interface very much like that of Unix. However, it also concluded that major problems exist with today's common Unix implementations.

Fortunately, vendors have started to respond to the government's security concerns. Several firms have announced secure versions of Unix to help them capture contracts with organizations such as aerospace companies. The Department of Defense issued Directive 5200.28 last year, requiring that by 1992 virtually all multiuser computer systems meet at least the C2 level of the TCSEC. This level provides for need-to-know protection, audit capability and user accountability. Certain vendors have announced that they are seeking even higher levels of security. AT&T's next release of Unix is expected to have C2-level security features.

In addition, the Department of Commerce's NIST, which develops standards for the civilian agencies of the federal government and interfaces with the private sector, has a Unix security project. Posix is concerned with security standards efforts associated with IEEE P1003.6, which is an interface-specific standard. The objectives and scope of this effort are to establish functional interface standards consistent with but not limited by the TCSEC.
Elements of Posix will include basic security mechanisms, discretionary access controls, auditability mechanisms and nondiscretionary access controls.

Without a doubt, Unix security will improve over time. How it will improve and the costs involved in increased security are less certain. Those decisions await the push of an organized IS community. IS has a major stake in improving Unix security, but only such that the security serves other IS needs. If upgrading Unix security interferes with information flow or complicates network management, it will continue to receive insufficient attention. A balance between production and protection will have to be addressed.

IS managers have an absolute right to impress upon vendors their interest in security improvements within certain product lines. IS can also make it quite clear to the Unix standards groups that these organizations must agree on security as a priority area, aside from their other disagreements concerning standards. Finally, IS can advise and work with the government to define the security needs of the private sector. Firms should get into both the definition and decision loops at this time or be prepared to stand around and complain after some very essential decisions have been made. By that time, it may be too late to do very much.

The Internet virus attack brought Unix security problems out into the open. Ironically, the attack took place while major efforts were already under way to improve the security of this operating system. Eventually, secure Unix may no longer be a contradiction in terms.

============================================================================

Did you like it? I hope so. Thanks a bunch to Nightcrawler (516) for contributing it! Welp, that's all for ATI35. ATI36 will be out within the next week. We promise. Look forward to a LOT of good stuff. In the meantime, stay cool, and remember....It's better to be pissed off than pissed on!

Ciao...