security in ubuntu

Discussion in 'all things UNIX' started by The Red Moon, Jun 6, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yep. But any distro with LSM will let the user confine it and Ubuntu/Mint, the two most popular user distros come with it enabled by default.

    I'm not really asking for that much, really. Definitely nothing hardware intensive. I'm not really asking for anything as I will be providing this myself in (hopefully) the next 6 months - 1 year.

    I don't think even an educated user can be blamed (not that this is what you're saying.) We're simply incapable of practical analysis. An antivirus heuristics engine is looking at the code itself, it's checking it against trends in malware, it's incredibly complex. We're amazing beings but we're not designed for that and we're very trusting. Blaming humans for being human is just lazy.
     
  2. guest

    guest Guest

    In latest Windows versions, "automatic" services are trigger-started. Which means they are off by default, only on when they are needed. See: http://windowsteamblog.com/windows/...igger-start-services-part-1-introduction.aspx

    @HM, Windows services run isolated. See: http://windowsteamblog.com/windows/b/developers/archive/2009/10/01/session-0-isolation.aspx
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I know they're isolated. That's to stop shatter attacks. If they're attacked they still have admin rights and can do anything they like.

    The difference is that in XP everything is "user 0" (admin) and can interact with any other process in that user account. This is separated in Vista to prevent shatter attacks - one of the reasons why XP is so easily exploited.

    It's great but entirely irrelevant because it's two different types of attack. If one of your user 0 services is exploited you're still screwed.
     
  4. guest

    guest Guest

    Now you want services to not have admin rights.

    I can't even imagine the nightmare of compatibility issues that such a move would bring to the platform.

    I hope Microsoft keeps improving the services to be resistant against attacks instead of simply removing their rights.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Literally none at all. If a service can perform its tasks and nothing but its tasks there will be literally no compatibility issues by definition. Instead you've got the print service able to:
    1) communicate with all other services
    2) do anything it likes to the system

    Cupsd does just fine in AppArmor. It runs as root, has quite a lot of capabilities, but significantly low file access rights.

    You can't get that on Windows. Instead you get Stuxnet attacking a printer service.
     
  6. guest

    guest Guest

    You are thinking about one service and one scenario usage. Apps use many other services for many other scenarios.

    For example, what would happen with Chrome's auto-updating service if it couldn't have file access rights?

    There was a vulnerability that allowed it. It was fixed. There is no need to break printer devices.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Why would it not have file access rights? It will have those file access rights but only what it needs. That's what least privilege is, the least amount of access given that the program can function and do exactly what it needs to do and nothing else.

    Hardly the end of the story. There will always be vulnerabilities and they will never all be fixed in any complex program that changes over time.

    If a service is exploited on Windows your system is compromised.
    If a service is exploited on Linux... it's stuck in the apparmor sandbox (assuming we're talking about one of the ones that comes with apparmor.)

    If appcontainer works the way I hope it does (ie: nearly exactly like apparmor) Windows 8 will be much closer to Ubuntu.
     
  8. guest

    guest Guest

    You're assuming that one can catalog all the programs in existence that make use of services and see exactly what they need to do.

    Yeah, right.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    No, I'm not. I'm talking purely about Windows services right now, which I think we can agree are Microsoft's duty to secure, yes?

    In terms of protecting all programs there's no way to implement least privilege through MAC without developer cooperation.
     
  10. guest

    guest Guest

    So, what Windows services are vulnerable? How can they be further restricted without breaking some of the insane number of third-party (old and new) apps/drivers/whatever that may use them?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    How should I know? I don't know the details of which files and capabilities each Windows service should have. It should be obvious that they don't need as many rights as they have because why does my DNS cache service need the ability to read my documents folder (example) ?

    Internet facing services on Ubuntu, like the printer/file sharing service, are apparmor'd and restricted quite a lot.
     
  12. guest

    guest Guest

    How do you know that your DNS cache is reading your documents folder?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's not about what it's doing it's about what it can do. It has full read access to the entire system.

    The syslog service on Linux needs root. On Windows such a service would therefor have access to the entire file system and capabiltiies.

    On Linux it runs in an apparmor profile that significantly limits it.

    r = read, m = mmap, w = write, ix = inherit execution, etc

    Instead of accessing the entire file system it can pretty much only read/ write to a small set of folders/ files.

    If it were compromised my personal data in /home/ would be safe and my system would not be in peril.

    Again, were this on Windows the entire system would be read/writable.
     
  14. guest

    guest Guest

    Where are you checking the access rights of each native Windows service?
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They run at the System Integrity. Any service running as Admin/ System can read/write to the entire file system. That's how integrity works. If you can find anything showing me otherwise please do.

    edit: Or anything running as "High" can. System is a separate level that works differently. Such a pain int he ass to find out what can/ can't be accessed.
     
  16. guest

    guest Guest

    Can't you use SetACL to "fix" the permissions to whatever you want?

    I'm very noob with these technical things. Be patient, lol.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Looks pretty cool. It's possible that it allows you to work with them. Chrome does something with XP's ACLs at least.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.