| |
Although only a handful of Linux viruses, but based buffer overflow (Buffer Overflow) vulnerability to attack or surprise for many Linux users. The so-called "world's first Linux virus" reman, strictly speaking, is not a real virus, it is essentially an old, in the Linux / Unix (also including Windows and other systems) has long existed in the world "buffer overflow "exploit. reman is a very common, automated procedures buffer overflow, but even so, it has caused a lot of panic in the Linux community.
Buffer overflow is a troubled security experts 30 years of problems. In simple terms, it is caused due to a programming mechanism, it appears in the software memory error. Such a memory error makes a hacker to run a malicious code to compromise the system running normally, or even gain control over the entire system.
Linux System Features
Buffer overflow rewriting the content and function related to memory, return address, thus changing the code execution process, only valid within a certain competence. Because the process is running with the current user's login rights and identity-related, is only capable of producing a buffer overflow can not break the system of privileges of the current user settings. Thus, although a buffer overflow can be used to make a program to execute other code is specified, but the code is executed only with specific permission, or can not complete the task of ultra vires.
However, Linux (including Unix) system itself has some of the features can be used to break the limitations of such authority, it makes it possible to use a higher buffer overflow, even full permissions. Mainly in the following two aspects:
1.Linux (including Unix) system by setting the attributes of a file is executable SUID or SGID, allow other users to the executable file owner user ID or user group ID to execute it. If the properties of the executable file is root, while the file attributes are set to SUID, then the executable file exists exploitable buffer overflow vulnerability, you can use the code that performs a specific, arranged by another as root. Since a code that can be made to be executed with root privileges, Shell will be able to produce a super-user root privileges, then the master control of the risk of the entire system is created.
2.Linux (including Unix) many of the daemon is running as root. If these programs exist exploitable buffer overflow, you can direct it to root identity code to perform other arrangements without having to modify the properties of the SUID or SGID program. Thus obtained control of the system will be easier.
With remote login mechanisms for the advancement of modern network technology and network applications, computer network provided by a remote call and the enforcement mechanism is necessary. This allows an anonymous Internet users the opportunity to exploit a buffer overflow vulnerability to gain partial or full control of a system. In fact, in order to buffer overflow attacks as a means of attack accounted for the vast majority of remote network attacks, which brought the most serious security threat to the Linux system.
Approaches
Typically the attacker will first attack root program, then use a buffer overflow occurs when a memory error to perform similar "exec (sh)" code to obtain a Shell root of. In order to obtain root privileges Shell, an attacker would need to complete the following tasks:
1. Organization of the appropriate specific code in the program's address space. Usually there are two methods to arrange the attack code in the program address space attack.
2. By proper initialization of registers and memory, so that buffer overflow occurs when the program can not return to the original place of execution, but the jump to be arranged in the address space execution.
When the attacker can find a way to change the original program code and process execution, the risk of attack produced.
Precautions
Buffer overflow attacks Linux under threat from both the write mechanism of software, but also from the characteristics of Linux (and Unix) system itself. In fact, the buffer overflow attacks, and various computer viruses rampant fundamental reason is that modern computer systems are based on the von? Neumann "stored program" works. The basic principles of such programs and data can be breeding in memory, copy and execute. Therefore, to effectively prevent buffer overflow attacks on these two aspects should be its next dual tube.
Ensure proper security codes
Buffer overflow attacks the root causes of that mechanism is written. Therefore, to prevent buffer overflow vulnerabilities should first ensure that the program is running on a Linux system (including system software and application software) code is correct, there are procedures to avoid variable without checking, buffer size and borders exist. For example, using the grep tool searches the source code loopholes easily call the library, the size of the detection variables, array bounds, protection of the pointer variable, and having a boundary, the size of the detection of C compilers.
Based on certain security policy settings System
Attackers a particular Linux system must first be in some way to attack the system do the necessary knowledge, such as version information, and then re-use the system some settings, directly or indirectly acquire control. Therefore, to prevent buffer overflow attacks is the second aspect of the system set up to implement effective security policies. Many different types of these strategies, due to limited space only to name a few typical measures:
(1) In the case of containing Telnet service, manually rewrite "/etc/inetd.conf" file in the Telnet settings, so that the user can not see the remote login prompt information systems. The specific method is to set the Telnet rewritten as: telnet stream tcp nowait root /usr/sbin/tcpd/in.telnetd -h
End add "-h" parameter allows the daemon does not display any system information, only displays the login prompt.
(2) rewrite the "rc.local" file. By default, when the system log on Linux systems running rc.local file, show that the Linux distribution name, version, kernel version and the server name and other information, which makes a lot of system information was leaked. The "rc.local" file comment out the display code information, the system can not display this information.
One way is to display the first line of code information plus "#": ...... # echo ""> / etc / issue # echo "$ R" >> / etc / issue # echo "Kernel $ (uname -r) on $ a $ (uname -m) ">> / etc / issue ## echo >> / etc / issue ......
Another method is to save the system information file and issue /etc/issue.net deleted. These two files are used when the remote login and local login to provide relevant information to the user. Delete these two files at the same time, still we need to complete the method of one of the comments, otherwise, the system will automatically regenerate both files at startup.
(3) prohibits the provision of finger service. In the Linux system, using the finger command to display local or remote system currently logged in user details. Effective way prohibits the provision of finger service is by modifying the file attributes, permissions (to 600) so that only root users can execute the command.
(4) Processing "inetd.conf" file. Linux system through inetd (super server) programs based on network load network program request. The program through "/etc/inetd.conf" file for inetd which network port in the monitor, which specific services and other information for each port to start. Therefore, the file will also leak a lot of sensitive information. Solution to the problem is, by its authority to allow the root user access 600, and by rewriting "/etc/inetd.conf" file will not need to ban out of service procedures, and finally to modify the properties of the file so that it can not be modify.
to sum up
Buffer overflow attack has been able to become a common means of attack, the reason is too common buffer overflow vulnerabilities, and easy to implement attacks, buffer overflow problem has always been a problem.
Fortunately, OpenBSD development team to resolve the security problem using three new and effective strategies. I believe the near future, Linux users can no longer buffer overflow attacks and sleepless nights of.
RAR files in Linux use up
To deal with .rar file in Linux, you need to install RAR for Linux. The software can be downloaded from the Internet, but remember, it's not free. To use the following command to install: # tar -xzpvf rarlinux-3.2.0.tar.gz
# Cd rar
# Make
With the rar and unrar installed after the two procedures, rar is a compression program, unrar is decompression procedures. They parameter options are many, here only briefly, is still an example to illustrate its usage: # rar a all * .mp3
This command is all .mp3 files compressed into a rar package, called all.rar, the program will .rar extension will automatically be appended to the package name. # Unrar e all.rar
This command is to extract all the files in all.rar out. |
|
|
|