Inevitability of Unix Host System Security Vulnerabilities

Source: Internet
Author: User

 
 
 
The security risks of Unix systems are analyzed as follows:

Security risks of operating system architecture

This is the root cause of computer system vulnerability. For example, many versions of Unix systems are developed using patches, and hackers can also use these patches. In addition, operating system programs, including I/O drivers and system services, can be dynamically linked, which also gives hackers an opportunity. For example, a hacker can modify the soft link /dev/rmt/0 of a tape device and add a backdoor program; when you then execute a command such as tar cvf /dev/rmt/0 *, the backdoor program may be activated, creating the vulnerability. However, support for dynamic linking of programs and dynamic exchange of data is essential for integrating and extending a modern operating system, so there is an inherent contradiction.
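A pre-flight check for the tape-device case above, as an added example that is not part of the original article: before the device path is handed to tar, confirm that the soft link is owned by a trusted account and still resolves to a character device. The function name audit_device_node, its status codes and the trusted_uid parameter are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum node_status { NODE_OK, NODE_MISSING, NODE_LINK_OWNER, NODE_NOT_CHARDEV };

/* Audit a device path such as /dev/rmt/0 before writing a backup to it.
 * trusted_uid is the only account allowed to own the link (0 in production). */
enum node_status audit_device_node(const char *path, uid_t trusted_uid)
{
    struct stat link_st, target_st;

    /* lstat() describes the directory entry itself, without following it. */
    if (lstat(path, &link_st) != 0)
        return NODE_MISSING;
    /* A soft link owned by anyone else may have been repointed. */
    if (S_ISLNK(link_st.st_mode) && link_st.st_uid != trusted_uid)
        return NODE_LINK_OWNER;
    /* stat() follows the link; a dangling link is reported as missing. */
    if (stat(path, &target_st) != 0)
        return NODE_MISSING;
    /* A tape drive is a character device; a regular file or program is not. */
    if (!S_ISCHR(target_st.st_mode))
        return NODE_NOT_CHARDEV;
    return NODE_OK;
}

int main(int argc, char **argv)
{
    static const char *msg[] = { "ok", "missing", "link owner not trusted",
                                 "target is not a character device" };
    const char *path = argc > 1 ? argv[1] : "/dev/rmt/0";
    enum node_status s = audit_device_node(path, 0);

    printf("%s: %s\n", path, msg[s]);
    return s == NODE_OK ? 0 : 1;
}
```

The check and the later open by tar are separate steps, so it belongs in a script run by the same privileged account that owns the /dev directory, where no other user can change the link in between.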

Security risks of Process Creation and Remote Procedure Call (RPC)

On the one hand, the Unix operating system supports remote loading of programs. On the other hand, it can create processes, including creating and activating remote processes on network nodes, and a created process can inherit the permissions of its parent process. Together, these two factors make it possible for hackers to install "spyware" on remote servers.

Security risks of system daemon

The daemons are in fact a group of system processes. They wait for particular conditions to occur; once the conditions are met, the process continues running. Hackers can exploit this behavior. Note that the key issue is not the daemon itself, but whether the daemon has the same rights as the software in the operating system's core layer.

In fact, when Unix was first developed, security was not a major concern. Its security model was designed for small or medium-sized workgroups in LAN environments. The Internet worm incident of 1988 is clear evidence that security measures at the system level were not enough. Although the worm incident led to the establishment of the Computer Emergency Response Team (CERT) and raised the security awareness of system vendors and system administrators, people's awareness of and preparation for security issues still lag far behind the capabilities and determination of professional and amateur hackers. Fortunately, many OEM security components and third-party products can provide sufficient protection for at-risk Unix servers running WWW, FTP, and email.

Latency of application software in security design

At present, many applications running on the Internet are designed to defend against hacker attacks. Applications with a client/server structure that were designed for the LAN are connected directly to the Internet without any modification, and are then attacked. This risk persists even if the software is protected by firewalls and other security measures.

Practice shows that no matter how secure an application may seem, the tools used to develop and run it, or even the components used to protect it, may have security vulnerabilities, which makes the security of the software very fragile. In other words, software security is a matter of systems engineering: the interacting components of a system must be measured, developed, and maintained against a single security standard. For example, the function get() that the system calls has no fatal security vulnerability when considered in isolation.

However, when hackers use a privileged program that calls get(), and exploit the fact that get() does not check the length of its parameter, to create a buffer overflow and execute a shell, an ordinary user becomes the root user. In an interactive system, then, a small design defect may cause a fatal vulnerability.
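The missing length check described above, shown beside a bounded replacement, as an added example that is not code from the original article. It assumes the article's get() is an unbounded line reader in the style of the C library's gets(); read_line_unchecked and read_line_bounded are hypothetical names, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: the callee never learns how large dst is, so the length of the
 * input alone decides how many bytes are written. */
size_t read_line_unchecked(FILE *in, char *dst)
{
    size_t n = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        dst[n++] = (char)c;
    dst[n] = '\0';
    return n;                       /* bytes written, whatever dst can hold */
}

/* AFTER: the caller passes the capacity. Returns 0 on success, -1 at end of
 * input, -2 when the line does not fit (it is dropped, not truncated). */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    int c;
    if (cap < 2 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    c = fgetc(in);                  /* no newline stored: look at what follows */
    if (c == '\n' || c == EOF)
        return 0;                   /* line was exactly cap-1 bytes long */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                           /* discard the rest of the oversized line */
    dst[0] = '\0';
    return -2;
}

int main(void)
{
    char name[16];
    int rc;
    FILE *in = tmpfile();           /* constructed sample input */
    if (in == NULL) return 1;
    fputs("root\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nalice\n", in);
    rewind(in);
    while ((rc = read_line_bounded(in, name, sizeof name)) != -1)
        puts(rc == 0 ? name : "(rejected: longer than buffer)");
    fclose(in);
    return 0;
}
```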

Difficulty in Security Evaluation of Application Software

Because the software running on the Internet, such as WWW and email software, is large in scale and complicated in design, theoretically proving the security of such complex programs remains a worldwide challenge that has yet to be overcome. A common way to evaluate software security is to detect security vulnerabilities during actual use, or even to detect and fix them through hacker attacks.

We should keep learning more about the security risks of Unix systems.

 
