Administrator's Guide

Enforce restrictive use of privileged programs through the following administrative and programming recommendations:

- Use setuid and setgid only when absolutely necessary.
- Make sure that no setuid program is writable by others.
- Whenever possible, use setgid instead of setuid to reduce the scope of damage that might result from coding flaws or breaches of security.
- Periodically search the file systems for new or modified setuid and setgid programs. You can use the ncheck -s command.
- Know exactly what the setuid and setgid programs do, and verify that they do only what is intended. Failing this, remove the program or its setuid attribute.
- If you must copy a setuid program, make sure that the modes are correct on the destination file.
- Write setuid programs so that they can be tested on noncritical data, without setuid or setgid attributes. Apply these attributes only after the code has been reviewed and all affected departments are satisfied that the new programs maintain security.
- Make sure that a setuid program does not create files writable by anyone other than its intended user.
- Reset the euid before an exec* system call. Be aware that exec* can be called within other library routines, and be wary of using routines (including popen, system, execlp, and execvp) that fork a shell to execute a program. See exec(2), popen(3S), and system(3S) for more information.
- When writing setuid programs, use setresuid around the pieces of code that require privileges, to reduce the window of vulnerability. See setresuid(2) for more information.
- Close all unnecessary file descriptors before calling exec*.
- Ensure that all environment variables (PATH, IFS) and the umask value in the program's environment are sufficiently restrictive.
- Do not use the creat system call to make a lock file. Use lockf or fcntl instead. See lockf(2) and fcntl(2) for more information.
- Be especially careful to avoid buffer overruns, which result, for example, from using sprintf, strcpy, and strcat without validating the length of their parameters. See printf(3S) and string(3C) for more information.
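The following is an added example, not code from this guide, that puts several of the programming recommendations above into one small C unit: dropping privileges temporarily or permanently with setresuid, closing stray descriptors, a bounded replacement for the sprintf/strcpy/strcat pattern, and a fixed environment plus restrictive umask before execve. It assumes a Linux/glibc build (setresuid is declared explicitly in case _GNU_SOURCE is not seen first); SAFE_ENV and all function names are the example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
int setresuid(uid_t ruid, uid_t euid, uid_t suid); /* prototype if _GNU_SOURCE was not first */

/* Environment handed to any child: PATH and IFS fixed, nothing inherited
 * from the invoking user (example values, not taken from the guide). */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Leave the privileged section: effective uid becomes the real uid.
 * keep_saved != 0 parks the privileged uid in the saved set so raise_privs()
 * can take it back; 0 discards it for good (do this before any exec*). */
int drop_privs(int keep_saved) {
    uid_t ruid = getuid(), euid = geteuid();
    if (setresuid(ruid, ruid, keep_saved ? euid : ruid) != 0) return -1;
    return geteuid() == ruid ? 0 : -1;    /* verify the drop actually happened */
}

/* Re-enter the privileged section from the saved uid; fails once the
 * privilege has been dropped permanently, which is the intended behaviour. */
int raise_privs(uid_t priv_uid) {
    return setresuid((uid_t)-1, priv_uid, (uid_t)-1) == 0 ? 0 : -1;
}

/* Close every descriptor from 'lowest' upward so a child inherits nothing
 * beyond stdin/stdout/stderr; call with 3 before exec*. */
void close_fds_from(int lowest) {
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0) maxfd = 1024;
    for (long fd = lowest; fd < maxfd; fd++) close((int)fd);
}

/* Build "<dir>/<name>" with snprintf and refuse to truncate: the bounded
 * replacement for sprintf/strcpy/strcat without length validation. */
int build_path(char *dst, size_t dstlen, const char *dir, const char *name) {
    int n = snprintf(dst, dstlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Execute a helper with privileges dropped for good, a restrictive umask,
 * the fixed environment and no stray descriptors; returns only on failure. */
int run_unprivileged(const char *prog, char *const argv[]) {
    if (drop_privs(0) != 0) return -1;
    umask(077);
    close_fds_from(3);
    execve(prog, argv, SAFE_ENV);   /* absolute path: no shell, no PATH lookup */
    return -1;
}
```

Because drop_privs verifies geteuid() after the call, a failed drop (for example, when a process is at its uid limit) is reported instead of silently continuing with privileges.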
2.7 Preventing Stack Buffer Overflow Attacks
Supplying a program with more data than a buffer on its stack can hold, so that the excess overwrites adjacent stack memory, is called a stack buffer overflow attack. Usually, the data contains commands that the program is tricked into executing. These attacks are used to gain unauthorized access to the system, to destroy or alter data, or to cause denial of service to legitimate users.
To monitor for stack buffer overflow attacks, watch for the following changes:
52 Administering User and System Security