[COLUG] How Does Linux Security Work?

William Yang wyang at gcfn.net
Thu Aug 2 12:21:47 EDT 2007


Mark Erbaugh wrote:

 > Feel free to point me to an online explanation.

   "Describe, in detail, the Universe.  And give five examples."

You may find using Google with the keywords "UNIX security model" to be 
helpful.  You may also find the same keywords give interesting places to 
start at Wikipedia.

Wikibooks seems to have a prominent link at Wikipedia, with a sizably large 
collection of UNIX security textbook material online.

> I'm pretty much a consumer of Linux, although I'm able to do more and
> more with it. I'm currently using Ubuntu Dapper (6.06).
> 
> I'm curious how Linux security works.  Under Ubuntu, I usually run as a
> normal user, but for certain tasks I need to use sudo to run as
> (admin).  When I invoke the sudo command or when a graphical program
> (i.e. update manager) needs me to become root it asks for the password.
> Presumably this password is all that would keep a malicious program run
> as my user from becoming root.

I think there may be some level confusion here.  A 'sudo' process already 
has access to root privileges -- the password challenge is trying to figure 
out whether you're authorized to use it or not.  Sudo can be perceived as 
being dangerous, because if it has bugs, it could open your host up to 
serious problems.  Luckily, Sudo is reasonably well audited to avoid that 
kind of problem.  Of course, the trust question is whether you can trust 
the program that's capturing and using your password.

Ultimately, how much you trust your software is a question of how much you 
trust the source of that software.  Do you trust the people who package and 
ship Ubuntu?  Do you trust the people at the mail order fulfillment shop, 
or the computer superstore, or the local consumer electronics shop?  Do you 
trust the folks in Redmond?

If the only security tool you use is a password, then yes, capturing the 
password is probably sufficient to violate the security given an 
appropriately adaptive attacker.  Of course, if you have only one lock on 
the door, and the key is copied and available to an intruder, then your 
lock won't do a whole heck of a lot of good, either.

There are actually only minimal differences in terms of the effectiveness 
of the security models of Microsoft's Windows environment and the *IX 
environment (they're remarkably similar, actually).  The "big" differences 
come in the number of security-affecting bugs in the software, the ease 
with which one can misconfigure to be less secure, and the level of 
low-level documentation and understanding available in the field about the 
models and their uses.  And all of that is fluid and changes over time.

	-Bill
-- 
William Yang
wyang at gcfn.net
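
Added example (not part of the original post): sudo holds root privileges before any password is checked because its binary is installed setuid-root, so the kernel starts it with root's effective UID for any caller. The Python below classifies programs by whose privileges they run with and flags setuid-root binaries that a non-root account could overwrite; the function names and the sample entries are assumptions made up for this illustration.

```python
import os
import stat

def privilege_source(mode: int, owner_uid: int) -> str:
    """Whose privileges does a program with this mode and owner run with?"""
    if not stat.S_ISREG(mode) or not mode & 0o111:
        return "not-executable"
    if mode & stat.S_ISUID:
        # At exec time the kernel sets the effective UID to the file owner
        # (unless the filesystem is mounted nosuid).
        return "root" if owner_uid == 0 else "owner"
    return "caller"

def audit(entries):
    """Return (path, findings) for each setuid-root (path, mode, uid) entry."""
    report = []
    for path, mode, uid in entries:
        if privilege_source(mode, uid) != "root":
            continue
        findings = []
        if mode & stat.S_IWOTH:
            findings.append("world-writable")
        if mode & stat.S_IWGRP:
            findings.append("group-writable")
        report.append((path, findings))
    return report

def scan(directories):
    """Yield (path, mode, uid) for entries directly inside each directory."""
    for d in directories:
        if not os.path.isdir(d):
            continue
        for entry in os.scandir(d):
            st = entry.stat(follow_symlinks=False)  # do not follow symlinks
            yield entry.path, st.st_mode, st.st_uid

# Constructed sample entries (illustrative paths and modes, not from the post).
SAMPLE = [
    ("/usr/bin/sudo", 0o104755, 0),     # setuid root, sane permissions
    ("/usr/bin/ls", 0o100755, 0),       # ordinary program, runs as caller
    ("/opt/tool/helper", 0o104777, 0),  # setuid root and writable by anyone
    ("/home/u/game", 0o104755, 1000),   # setuid, but to an unprivileged owner
]

if __name__ == "__main__":
    for path, findings in audit(scan(["/usr/bin", "/bin", "/usr/sbin"])):
        print(path, ", ".join(findings) or "ok")
```

Every path this reports is a program that, like sudo, must decide for itself whether the caller is authorized, which is why bugs in such programs matter more than bugs in ordinary ones.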

