"Secure Linux" Primer

'SFFEPN)&$5BJQFJ ୆೔༑޷ف೦తߨԋ l4FDVSF-JOVYz1SJNFS 5IFNPTUVOEFSTUBOEBCMFJOUSPEVDUJPOUPlTFDVSF-JOVYz /PWFNCFS ݪాقӫ 5PTIJIBSV)BSBEB /55%"5"$03103"5*0/

*BNQSPKFDUNBOHFSPG50.0:0-JOVY 50.0:0-JOVYJTPOFPGUIFBDUJWJUJFTUPlNBLF -JOVYNPSFTFDVSFz 4FDVSJUZJTOPUFBTZUPVOEFSTUBOEOPSVTFS GSJFOEMZ CVUJU`TJOEJTQFOTBCMF *XBOUFEUPIFMQZPVTUBSUZPVSKPVSOFZCZUIJT QSFTFOUBUJPO "CPVU

USJFTUPHJWFZPVUIFWFSZCBTJT GVOEBNFOUBM JOGPSNBUJPOPO-JOVYTFDVSJUZ *USJFEUPFYQMBJOCZJNBHFTJOTUFBEPGXPSET 1MFBTFSFMBY GFFMBOEFOKPZ 5IJTQSFTFOUBUJPO

l4FDVSF-JOVYzEPFTOPUFYJTU *U`TUIFVMUJNBUFHPBMUIBUXFDBOOFWFSSFBDI 4UJMMXFDBOUSZ UIBOL-JOVTGPSNBLJOH-JOVY PQFOTPVSDF 5IFSFBSFOVNCFSPGQSPKFDUTUSZJOHUP lFOIBODF-JOVYTFDVSJUZz l4FDVSF-JOVYz

4&-JOVY 4FDVSJUZ&OIBODFE-JOVY EFWFMPQFE CZ/4"JTEJTUJOHVJTIFEBOESFTQFDUFEGSPN PUIFSBUUFNQUTUPXBSETUIFHPBM 8IBUNBLFT4&-JOVYTQFDJBM *U`TlJOUSFFz QBSUPGUIFTUBOEBSE-JOVY TPVSDFDPEF *U`TGVMMZGVODUJPOBMBOENPTUQPXFSGVM
4&-JOVY

:FT5IFSFBSFNBOZ5PNBLFUIFXPSLlJOUSFFz JTBESFBNGPSEFWFMPQFST "QQ"SNPSCZ/07&--BOE50.0:0-JOVYCZ /55%"5"$03103"5*0/BSFSFMBUJWFMZOFX -,.- -JOVY,FSOFM.BJMJOH-JTU JTUIFQMBDFUP QSPQPTFBOEEJTDVTT-JOVYQSPHSBN )PXBCPVUlPVUPGUSFFz

4NBDL 4JNQMJpFE.BOEBUPSZ"DDFTT$POUSPM ,FSOFM EFWFMPQFECZ$BTFZ4DIBVqFSJTUIF PUIFSlJOUSFFzJNQMFNFOUBUJPO :PVDBO`UVTF4&-JOVYBOE4NBDLBUUIFTBNF UJNF5IJTJTEVFUPUIFMJNJUBUJPOPG-4. -JOVY 4FDVSJUZ.PEVMFT UIFTFDVSJUZGSBNFXPSLPG
-JOVY "OZPUIFSlJOUSFFz

8IZEPXFOFFEUPlFOIBODFz -JOVYTFDVSJUZ )PXDBOUIBUCFEPOF $IBQUFS

Prologue Why do we need to enhance Linux security?

DAC The owner can set the access attributes for his/her
resource. This is called DAC (Discretionary Access Control). example: % chmod 600 my_diary

• Unfortunately, DAC can be overridden • You should set
DAC carefully, but should not trust it • When is DAC broken?

root user root user is not affected by DAC. root
user is the God (if your Linux is not “security enhanced” Linux)

setuid a process invoked by a program with setuid attribute
will be given root privilege. that’s why you can change your password stored in /etc/ shadow which is posessed by “root”.

Why he lost his bonzes?

.BOEBUPSZ"DDFTT$POUSPM l4FDVSF-JOVYzCBTJD $IBQUFS

-JOVYIBTHPPEPMETFDVSJUZDBMMFE%"$ %JTDSFUJPOBSZ"DDFTT$POUSPM #VU%"$JTOPUTV⒏DJFOU 1BSUJDVMBSMZJGTPNFPOFTUPMFSPPUQSJWJMFHFPG ZPVSTZTUFN ZPVBSFBCTPMVUFMZPVUPGMVDL l1SJWJMFHFzJTUIFLFZ -FTTPOT-FBSOFE

$PVOUFSNFBTVSFT &MJNJOBUJOHSPPUBDDPVOUBOEQSJWJMFHFTDBOOPU TPMWFUIFQSPCMFN 4PUIFJTTVFJTIPXUPMJNJUUIFQSJWJMFHFT *UIBTCFFOTUVEJFEBOEJTOPXXFMMLOPXOBT l-FBTU1SJWJMFHFzQSJODJQMF DPNNPOUPFWFSZ PQFSBUJOHTZTUFNT

."$ .BOEBUPSZ"DDFTT$POUSPM 5IFTIPSUBHFTPG%"$BOEQPUFOUJBMUISFBUT %"$DBODBVTFIBWFCFFOTUVEJFEGPSPWFS UXFOUZZFBST ."$IBTCFFOJOUSPEVDFEUPBDIJFWFUIF-FBTU 1SJWJMFHFQSJODJQMF %"$%JTDSFUJPOBSZ"DDFTT$POUSPM ."$.BOEBUPSZ"DDFTT$POUSPM

)PX."$XPSLT ."$DPOUSPMTBDDFTTSFRVFTUTJO-JOVYLFSOFM l$POUSPMzNFBOTKVEHFNFOUTUPFMJNJOBUFSFKFDU JOBEFRVBUFBDDFTTSFRVFTUT )PXDBO."$EJTUJOHVJTIJOBEFRVBUFSFRVFTUT GSPNPUIFST QMFBTFUIJOL

."$JTBUPPM ."$EPFTOPU PSDBOOPU EJTUJOHVJTI JOBEFRVBUFSFRVFTUTGSPNPUIFST *UJTBMXBZTIVNBOUPKVEHFXIFUIFSSFRVFTUT BSFBEFRVBUF OFFEFE PSOPU

l1PMJDZz "ENJOJTUSBUPSTIBWFUPUFMM."$HPPEBOECBE SFRVFTUJOUFSNTPGBDDFTTSVMFEFpOJUJPOT 5IPTFEFpOJUJPOTBSFDBMMFElQPMJDZz "QQ"SNPS DBMMTEFpOJUJPOTBTlQSPpMFTz *G."$JTBOFOHJOFPGBDBS QPMJDZJTBGVFM :PVOFFEUPNBOBHFQPMJDJFT

1PMJDZJTJNQPSUBOU ."$KVTUXPSLTBTJUXBTUPME *GZPVGPSHFUUPHJWFSFRVJSFEBDDFTT ZPVS -JOVYCPYXJMMGBJMUPTFSWF *GZPVHJWFFYDFTTJWFBDDFTT ZPVXJMMIBWFNPSF DIBODFTUPDSBDLFST

lTFDVSF-JOVYzJNQMFNFOUBUJPOTUSZUPSFKFDU JOBQQSPQSJBUFBDDFTTSFRVFTU lJOBQQSPQSJBUFzNFOT NBMJDJPVTBDDFTT DSBDLJOH NJTTPQFSBUJPO ."$JTOPUPOMZGPSTFDVSJUZ

MBCFMFETFDVSJUZBOE QBUIBONFCBTFETFDVSJUZ $IBQUFS

MBCFMWTQBUIOBNF 5IFSFBSFUXPLJOETPGJNQMFNFOUBUJPOTGPS -JOVY."$ MBCFMCBTFEBOEQBUIOBNFCBTFE

-BCFMCBTFE4FDVSJUZ EFpOFlMBCFMzpSTU TQFDJGZQPMJDZVTJOH MBCFMT lMBCFMzJTTUPSFEBTBUUSJCVUFTPGYBUUS FYUFOEFE BUUSJCVUFT "TJOPEFJTUSVTUBCMFBT%/" %FPYZSJCP /VDMFJD"DJE
MBCFMJOGPSNBUJPOTUPSFECPVOEXJUI JOPEFJTUSVTUBCMF

1BUIOBNFCBTFE 4FDVSJUZ *OQBUIOBNFCBTFE."$MJLF50.0:0-JOVY BOE"QQ"SNPS QPMJDJFTBSFXSJUUFOBOETUPSFE VTJOHlQBUIOBNFz OPUlMBCFMz 5IPVHIUIFZBSFBMPUFBTJFSUPVTF lQBUIOBNFzJTTVCKFDUUPDIBOHFCZ
PQFSBUJPOTTVDIBTmountBOEchroot

8IJDIJTCFUUFS 'SPNJOGPSNBUJPOqPXDPOUSPMQPJOUPGWJFX MBCFMCBTFEBQQSPBDIJTTVQFSJPS 8IJMFMBCFMCBTFEBQQSPBDIIBTHPPEIJTUPSZ BOEBDBEFNJDBMMZQSPWFO QBUIOBNFCBTFE BQQSPBDIJTUPUBMMZBOFXDPNFS 1BUIOBNFCBTFEJNQMFNFOUBUJPOTBSFHPPE FOUSZQPJOUTUPTUVEZFYQMPSFS."$

l4FDVSF-JOVYzJOUSPEVDUJPO $IBQUFS

4FDVSJUZ&OIBODFE-JOVY 5IFpSTUlJOUSFFz."$JNQMFNFOUBUJPOPG-JOVY %FWFMPQFENBJOMZCZ/BUJPOBM4FDVSJUZ"HFODZ #BTFEPOUIF'MBTLTFDVSJUZBSDIJUFDUVSF 4&-JOVY IUUQXXXOTBHPWTFMJOVY

l4JNQMJpFE.BOEBUPSZ"DDFTT$POUSPM,FSOFMz 5IFTFDPOElJOUSFFz."$JNQMFNFOUBUJPOUP -JOVY TJODF %FWFMPQFECZBOJOEJWJEVBM $BTFZ4DIBVqFS 'VODUJPOBMJUJFTBSFESBTUJDBMMZTJNQMJpFEBTJUT OBNFTBZT 4NBDL IUUQTDIBVqFSDBDPN

1BUIOBNFCBTFE."$JNQMFNFOUBUJPOMJLF 50.0:0-JOVY /PUJOUFOEFEUPQSPUFDUUIFXIPMFTZTUFNMJLF 4&-JOVYEPTF"JNFEUPQSPUFDUTQFDJpD TFSWJDFTMJLFXFCTFSWFS "WBJMBCMFPO0QFO464& (FOUPPBOE6CVOUV "QQ"SNPS IUUQFOPQFOTVTFPSH"QQ"SNPS

1BUIOBNFCBTFE."$EFWFMPQFECZ/55%"5" $03103"5*0/ +BQBO )BTVOJRVFlMFBSOJOHNPEFz -JWF$%BWBJMBCMFGPS6CVOUVBOE$FOU04 50.0:0-JOVY IUUQFMJOVYPSH5PNPZP-JOVY IUUQUPNPZPTPVSDFGPSHFKQ

8BOUUPMFBSONPSF :PVDBOOPUDPNQBSFUIFNVOMFTTZPVQMBZXJUI UIFN BUMFBTUPOFPGUIFN *IBWFNZWFSTJPOPGBTJNQMJpFEDPNQBSJTPO DIBSU IPQFUIJTIFMQT IUUQUPNPZPTPVSDFGPSHFKQXJLJF 8IBU*T

5PPMT $IBQUFS

#SPXTJOHBOETFBSDIJOH-JOVY TPVSDFDPEFXJUIPVUEPXOMPBEJOH

Trademarks • Linux® is a registered trademark of Linus Torvalds
in the United States and other countries. • AppArmor® is a registered trademark of Novell, inc in the United States and other countries. • TOMOYO® is a registered trademark of NTT DATA CORPORATION in Japan.

Concept and story by Toshiharu Harada (NTT DATA CORPORATION) Illustration
by Yumiko Tatsumoto (NTT DATA CORPORATION) and Akira Igarashi in association with Studio Padre Special thanks to ͔͑Δ޻๪ of NTT DATA CORPORATION ݟ ࠶

"Secure Linux" Primer

"Secure Linux" Primer

More Decks by Toshiharu Harada / 原田 季栄

Other Decks in Technology

Featured

Transcript

More Decks by Toshiharu Harada / 原田季栄