Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Secure Linux" Primer
Search
Toshiharu Harada / 原田 季栄
November 21, 2008
Technology
0
68
"Secure Linux" Primer
Toshiharu Harada / 原田 季栄
November 21, 2008
Tweet
Share
More Decks by Toshiharu Harada / 原田 季栄
See All by Toshiharu Harada / 原田 季栄
ジョブズは言う、「愛するものを見つけるんだ」と
haradats
0
97
メインライン化のご報告
haradats
0
110
2009年の「今」、セキュリティについて考える
haradats
0
66
Kernel Development: Drawing Lessons from Mistakes
haradats
0
320
What Does It Mean Being an Open Source Project Manager in Enterprise (Enterprise Edition)
haradats
0
160
What Does It Mean Being an Open Source Project Manager in Enterprise (Open Source Spirit Edition)
haradats
0
44
僕より少し遅く生まれてきた君たちへ
haradats
0
45
Realities of Mainlining - case of the TOMOYO Linux project -
haradats
0
55
TOMOYO Linux for Secure Embedded
haradats
0
53
Other Decks in Technology
See All in Technology
american aa airlines®️ USA Contact Numbers: Complete 2025 Support Guide
aaguide
0
230
AWS Organizations 新機能!マルチパーティ承認の紹介
yhana
1
280
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
27k
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
390
United Airlines Customer Service– Call 1-833-341-3142 Now!
airhelp
0
170
SmartNewsにおける 1000+ノード規模 K8s基盤 でのコスト最適化 – Spot・Gravitonの大規模導入への挑戦
vsanna2
0
140
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
340
無意味な開発生産性の議論から抜け出すための予兆検知とお金とAI
i35_267
5
13k
LLM時代の検索
shibuiwilliam
2
180
ゼロからはじめる採用広報
yutadayo
3
960
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
1
290
インフラ寄りSREの生存戦略
sansantech
PRO
0
260
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
69
11k
Gamification - CAS2011
davidbonilla
81
5.4k
The Language of Interfaces
destraynor
158
25k
A better future with KSS
kneath
238
17k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Navigating Team Friction
lara
187
15k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
KATA
mclloyd
30
14k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
Designing for Performance
lara
610
69k
Scaling GitHub
holman
460
140k
Side Projects
sachag
455
42k
Transcript
'SFFEPN)&$5BJQFJ ༑ف೦తߨԋ l4FDVSF-JOVYz1SJNFS 5IFNPTUVOEFSTUBOEBCMFJOUSPEVDUJPOUPlTFDVSF-JOVYz /PWFNCFS ݪాقӫ 5PTIJIBSV)BSBEB /55%"5"$03103"5*0/
*BNQSPKFDUNBOHFSPG50.0:0-JOVY 50.0:0-JOVYJTPOFPGUIFBDUJWJUJFTUPlNBLF -JOVYNPSFTFDVSFz 4FDVSJUZJTOPUFBTZUPVOEFSTUBOEOPSVTFS GSJFOEMZ CVUJU`TJOEJTQFOTBCMF *XBOUFEUPIFMQZPVTUBSUZPVSKPVSOFZCZUIJT QSFTFOUBUJPO "CPVU
USJFTUPHJWFZPVUIFWFSZCBTJT GVOEBNFOUBM JOGPSNBUJPOPO-JOVYTFDVSJUZ *USJFEUPFYQMBJOCZJNBHFTJOTUFBEPGXPSET 1MFBTFSFMBY GFFMBOEFOKPZ 5IJTQSFTFOUBUJPO
l4FDVSF-JOVYzEPFTOPUFYJTU *U`TUIFVMUJNBUFHPBMUIBUXFDBOOFWFSSFBDI 4UJMMXFDBOUSZ UIBOL-JOVTGPSNBLJOH-JOVY PQFOTPVSDF 5IFSFBSFOVNCFSPGQSPKFDUTUSZJOHUP lFOIBODF-JOVYTFDVSJUZz l4FDVSF-JOVYz
4&-JOVY 4FDVSJUZ&OIBODFE-JOVY EFWFMPQFE CZ/4"JTEJTUJOHVJTIFEBOESFTQFDUFEGSPN PUIFSBUUFNQUTUPXBSETUIFHPBM 8IBUNBLFT4&-JOVYTQFDJBM *U`TlJOUSFFz QBSUPGUIFTUBOEBSE-JOVY TPVSDFDPEF *U`TGVMMZGVODUJPOBMBOENPTUQPXFSGVM
4&-JOVY
:FT5IFSFBSFNBOZ5PNBLFUIFXPSLlJOUSFFz JTBESFBNGPSEFWFMPQFST "QQ"SNPSCZ/07&--BOE50.0:0-JOVYCZ /55%"5"$03103"5*0/BSFSFMBUJWFMZOFX -,.- -JOVY,FSOFM.BJMJOH-JTU JTUIFQMBDFUP QSPQPTFBOEEJTDVTT-JOVYQSPHSBN )PXBCPVUlPVUPGUSFFz
4NBDL 4JNQMJpFE.BOEBUPSZ"DDFTT$POUSPM ,FSOFM EFWFMPQFECZ$BTFZ4DIBVqFSJTUIF PUIFSlJOUSFFzJNQMFNFOUBUJPO :PVDBO`UVTF4&-JOVYBOE4NBDLBUUIFTBNF UJNF5IJTJTEVFUPUIFMJNJUBUJPOPG-4. -JOVY 4FDVSJUZ.PEVMFT UIFTFDVSJUZGSBNFXPSLPG
-JOVY "OZPUIFSlJOUSFFz
8IZEPXFOFFEUPlFOIBODFz -JOVYTFDVSJUZ )PXDBOUIBUCFEPOF $IBQUFS
Prologue Why do we need to enhance Linux security?
None
None
ແ
ແ
උ
DAC The owner can set the access attributes for his/her
resource. This is called DAC (Discretionary Access Control). example: % chmod 600 my_diary
ڻ
None
None
• Unfortunately, DAC can be overridden • You should set
DAC carefully, but should not trust it • When is DAC broken?
જ
None
None
root user root user is not affected by DAC. root
user is the God (if your Linux is not “security enhanced” Linux)
જ
જ
None
ዼ
setuid a process invoked by a program with setuid attribute
will be given root privilege. that’s why you can change your password stored in /etc/ shadow which is posessed by “root”.
Why he lost his bonzes?
.BOEBUPSZ"DDFTT$POUSPM l4FDVSF-JOVYzCBTJD $IBQUFS
-JOVYIBTHPPEPMETFDVSJUZDBMMFE%"$ %JTDSFUJPOBSZ"DDFTT$POUSPM #VU%"$JTOPUTV⒏DJFOU 1BSUJDVMBSMZJGTPNFPOFTUPMFSPPUQSJWJMFHFPG ZPVSTZTUFN ZPVBSFBCTPMVUFMZPVUPGMVDL l1SJWJMFHFzJTUIFLFZ -FTTPOT-FBSOFE
$PVOUFSNFBTVSFT &MJNJOBUJOHSPPUBDDPVOUBOEQSJWJMFHFTDBOOPU TPMWFUIFQSPCMFN 4PUIFJTTVFJTIPXUPMJNJUUIFQSJWJMFHFT *UIBTCFFOTUVEJFEBOEJTOPXXFMMLOPXOBT l-FBTU1SJWJMFHFzQSJODJQMF DPNNPOUPFWFSZ PQFSBUJOHTZTUFNT
."$ .BOEBUPSZ"DDFTT$POUSPM 5IFTIPSUBHFTPG%"$BOEQPUFOUJBMUISFBUT %"$DBODBVTFIBWFCFFOTUVEJFEGPSPWFS UXFOUZZFBST ."$IBTCFFOJOUSPEVDFEUPBDIJFWFUIF-FBTU 1SJWJMFHFQSJODJQMF %"$%JTDSFUJPOBSZ"DDFTT$POUSPM ."$.BOEBUPSZ"DDFTT$POUSPM
)PX."$XPSLT ."$DPOUSPMTBDDFTTSFRVFTUTJO-JOVYLFSOFM l$POUSPMzNFBOTKVEHFNFOUTUPFMJNJOBUFSFKFDU JOBEFRVBUFBDDFTTSFRVFTUT )PXDBO."$EJTUJOHVJTIJOBEFRVBUFSFRVFTUT GSPNPUIFST QMFBTFUIJOL
."$JTBUPPM ."$EPFTOPU PSDBOOPU EJTUJOHVJTI JOBEFRVBUFSFRVFTUTGSPNPUIFST *UJTBMXBZTIVNBOUPKVEHFXIFUIFSSFRVFTUT BSFBEFRVBUF OFFEFE PSOPU
l1PMJDZz "ENJOJTUSBUPSTIBWFUPUFMM."$HPPEBOECBE SFRVFTUJOUFSNTPGBDDFTTSVMFEFpOJUJPOT 5IPTFEFpOJUJPOTBSFDBMMFElQPMJDZz "QQ"SNPS DBMMTEFpOJUJPOTBTlQSPpMFTz *G."$JTBOFOHJOFPGBDBS QPMJDZJTBGVFM :PVOFFEUPNBOBHFQPMJDJFT
1PMJDZJTJNQPSUBOU ."$KVTUXPSLTBTJUXBTUPME *GZPVGPSHFUUPHJWFSFRVJSFEBDDFTT ZPVS -JOVYCPYXJMMGBJMUPTFSWF *GZPVHJWFFYDFTTJWFBDDFTT ZPVXJMMIBWFNPSF DIBODFTUPDSBDLFST
lTFDVSF-JOVYzJNQMFNFOUBUJPOTUSZUPSFKFDU JOBQQSPQSJBUFBDDFTTSFRVFTU lJOBQQSPQSJBUFzNFOT NBMJDJPVTBDDFTT DSBDLJOH NJTTPQFSBUJPO ."$JTOPUPOMZGPSTFDVSJUZ
MBCFMFETFDVSJUZBOE QBUIBONFCBTFETFDVSJUZ $IBQUFS
MBCFMWTQBUIOBNF 5IFSFBSFUXPLJOETPGJNQMFNFOUBUJPOTGPS -JOVY."$ MBCFMCBTFEBOEQBUIOBNFCBTFE
-BCFMCBTFE4FDVSJUZ EFpOFlMBCFMzpSTU TQFDJGZQPMJDZVTJOH MBCFMT lMBCFMzJTTUPSFEBTBUUSJCVUFTPGYBUUS FYUFOEFE BUUSJCVUFT "TJOPEFJTUSVTUBCMFBT%/" %FPYZSJCP /VDMFJD"DJE
MBCFMJOGPSNBUJPOTUPSFECPVOEXJUI JOPEFJTUSVTUBCMF
1BUIOBNFCBTFE 4FDVSJUZ *OQBUIOBNFCBTFE."$MJLF50.0:0-JOVY BOE"QQ"SNPS QPMJDJFTBSFXSJUUFOBOETUPSFE VTJOHlQBUIOBNFz OPUlMBCFMz 5IPVHIUIFZBSFBMPUFBTJFSUPVTF lQBUIOBNFzJTTVCKFDUUPDIBOHFCZ
PQFSBUJPOTTVDIBTmountBOEchroot
8IJDIJTCFUUFS 'SPNJOGPSNBUJPOqPXDPOUSPMQPJOUPGWJFX MBCFMCBTFEBQQSPBDIJTTVQFSJPS 8IJMFMBCFMCBTFEBQQSPBDIIBTHPPEIJTUPSZ BOEBDBEFNJDBMMZQSPWFO QBUIOBNFCBTFE BQQSPBDIJTUPUBMMZBOFXDPNFS 1BUIOBNFCBTFEJNQMFNFOUBUJPOTBSFHPPE FOUSZQPJOUTUPTUVEZFYQMPSFS."$
l4FDVSF-JOVYzJOUSPEVDUJPO $IBQUFS
4FDVSJUZ&OIBODFE-JOVY 5IFpSTUlJOUSFFz."$JNQMFNFOUBUJPOPG-JOVY %FWFMPQFENBJOMZCZ/BUJPOBM4FDVSJUZ"HFODZ #BTFEPOUIF'MBTLTFDVSJUZBSDIJUFDUVSF 4&-JOVY IUUQXXXOTBHPWTFMJOVY
l4JNQMJpFE.BOEBUPSZ"DDFTT$POUSPM,FSOFMz 5IFTFDPOElJOUSFFz."$JNQMFNFOUBUJPOUP -JOVY TJODF %FWFMPQFECZBOJOEJWJEVBM $BTFZ4DIBVqFS 'VODUJPOBMJUJFTBSFESBTUJDBMMZTJNQMJpFEBTJUT OBNFTBZT 4NBDL IUUQTDIBVqFSDBDPN
1BUIOBNFCBTFE."$JNQMFNFOUBUJPOMJLF 50.0:0-JOVY /PUJOUFOEFEUPQSPUFDUUIFXIPMFTZTUFNMJLF 4&-JOVYEPTF"JNFEUPQSPUFDUTQFDJpD TFSWJDFTMJLFXFCTFSWFS "WBJMBCMFPO0QFO464& (FOUPPBOE6CVOUV "QQ"SNPS IUUQFOPQFOTVTFPSH"QQ"SNPS
1BUIOBNFCBTFE."$EFWFMPQFECZ/55%"5" $03103"5*0/ +BQBO )BTVOJRVFlMFBSOJOHNPEFz -JWF$%BWBJMBCMFGPS6CVOUVBOE$FOU04 50.0:0-JOVY IUUQFMJOVYPSH5PNPZP-JOVY IUUQUPNPZPTPVSDFGPSHFKQ
8BOUUPMFBSONPSF :PVDBOOPUDPNQBSFUIFNVOMFTTZPVQMBZXJUI UIFN BUMFBTUPOFPGUIFN *IBWFNZWFSTJPOPGBTJNQMJpFEDPNQBSJTPO DIBSU IPQFUIJTIFMQT IUUQUPNPZPTPVSDFGPSHFKQXJLJF 8IBU*T
5PPMT $IBQUFS
#SPXTJOHBOETFBSDIJOH-JOVY TPVSDFDPEFXJUIPVUEPXOMPBEJOH
Trademarks • Linux® is a registered trademark of Linus Torvalds
in the United States and other countries. • AppArmor® is a registered trademark of Novell, inc in the United States and other countries. • TOMOYO® is a registered trademark of NTT DATA CORPORATION in Japan.
Concept and story by Toshiharu Harada (NTT DATA CORPORATION) Illustration
by Yumiko Tatsumoto (NTT DATA CORPORATION) and Akira Igarashi in association with Studio Padre Special thanks to ͔͑Δ of NTT DATA CORPORATION ݟ ࠶
None