Specifications
directory. The purpose of these files is to define special permissions, such as world-writable directories or, for files, the set-user-ID bits, which mean that the corresponding program will not run with the permissions of the user that has launched it, but with the permissions of the file owner, root in most cases. An administrator may use the file /etc/permissions.local to add his own settings. The variable PERMISSION_SECURITY, set in /etc/rc.config, defines which of the above files is used by SuSE's configuration programs to set permissions accordingly. As a more convenient way to select the files, use the submenu 'Security' in YaST or YaST2. To learn more about the topic, read the comments in /etc/permissions or consult the manual page of chmod (man chmod).
File Race Conditions
Assume that a program wants to create a file in a directory which is world-writable (such as /tmp). First, the program checks whether the file already exists and, if that is not the case, creates it. However, between checking and file creation, there is a short moment which can be used by an attacker to create a symbolic link, a pointer to another file. The program may then be tricked into following the symbolic link, overwriting the target file with its own permissions. This is called a race because the interval during which the attacker can create a "symlink" is very short. The race is only possible if the checking and file creation procedure is not atomic (indivisible). If the race is allowed to take place at all, there is a chance that it may be won by the attacker. It is all a matter of probability.
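The check-then-create sequence and its atomic replacement, as an added C example that is not part of the manual. The first function does what the paragraph describes (test with access(), then open()); the second lets the kernel test and create in one indivisible step with O_CREAT|O_EXCL, so a name that already exists, symlink included, makes the call fail with EEXIST instead of being followed. The two demo functions set up a private temporary directory containing a dangling symlink "spool" -> "victim"; that link is a constructed stand-in for what a racing process would plant during the window, and the directory and file names are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Check-then-create, the non-atomic sequence the text describes. access()
   follows symlinks, so a dangling link looks like "does not exist"; the
   open() that follows then creates whatever the link points at.
   Returns 0 on success, -1 on failure. */
int create_check_then_open(const char *path) {
    if (access(path, F_OK) == 0)
        return -1;                                   /* "already exists" */
    int fd = open(path, O_WRONLY | O_CREAT, 0600);   /* the window: a link
                                                        planted here is followed */
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Atomic form: O_CREAT|O_EXCL asks the kernel to test and create in one
   indivisible step. If any name (file or symlink) is already there the call
   fails with errno EEXIST and nothing is followed. Returns 0 or -1. */
int create_atomic(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Helper: fresh private directory (constructed name under /tmp) holding a
   dangling symlink "spool" -> "victim". Fills in the three paths. */
static int setup(char *dir, char *link, size_t linksz, char *target, size_t targetsz) {
    strcpy(dir, "/tmp/racedemo.XXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(link, linksz, "%s/spool", dir);
    snprintf(target, targetsz, "%s/victim", dir);
    return symlink(target, link);
}

static void cleanup(const char *dir, const char *link, const char *target) {
    unlink(target);
    unlink(link);
    rmdir(dir);
}

/* Returns 1 if the check-then-create variant created "victim" through the
   link, 0 if it did not, -1 if the temporary directory could not be set up. */
int demo_check_then_open_follows_link(void) {
    char dir[64], link[96], target[96];
    if (setup(dir, link, sizeof link, target, sizeof target) != 0) return -1;
    create_check_then_open(link);
    int followed = access(target, F_OK) == 0;
    cleanup(dir, link, target);
    return followed;
}

/* Returns the errno the atomic variant fails with (EEXIST expected), 0 if it
   wrote through the link after all, -1 if setup failed. */
int demo_atomic_refuses_link(void) {
    char dir[64], link[96], target[96];
    if (setup(dir, link, sizeof link, target, sizeof target) != 0) return -1;
    int rc = create_atomic(link);
    int err = rc < 0 ? errno : 0;
    int followed = access(target, F_OK) == 0;   /* "victim" must still be absent */
    cleanup(dir, link, target);
    return followed ? 0 : err;
}

int main(void) {
    printf("check-then-open wrote through the link: %d\n",
           demo_check_then_open_follows_link());
    printf("atomic open refused the link with errno %d (EEXIST is %d)\n",
           demo_atomic_refuses_link(), EEXIST);
    return 0;
}
```

The same idea is what mkstemp(3) applies for temporary files: it generates the name and opens it with O_CREAT|O_EXCL in one call, so there is no interval for a link to be planted in.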
Buffer Overflows and Format String Bugs
Special care must be taken whenever a program is supposed to process data which can or could be changed by a user, but this is more of an issue for the programmer of an application than for regular users. The programmer has to make sure that his application will interpret data in the correct way, without writing them into memory areas that are too small to hold them. Also, the program should hand over data in a consistent manner, using the interfaces defined for that purpose.
A "buffer overflow" can happen if the actual size of a memory buffer is not taken into account when writing to that buffer. There are cases where this data (as supplied by the user) takes up more space than is available in the buffer. As a result, data is written beyond the end of that buffer area, which, under certain circumstances, makes it possible that a program will execute program sequences influenced by the user (and not by the programmer), rather than just processing user data. A bug of this kind may
200 Security and Confidentiality
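The two points of the paragraph above, a write that ignores the buffer's size and its bounds-checked replacement, as an added C example that is not part of the manual. copy_name_unchecked is the pattern described (the destination size never enters the copy); copy_name_checked carries the size with the buffer, measures the input without reading past what could be stored, and rejects over-long input rather than truncating it. greet shows the matching rule for format strings: user data goes in as an argument, never as the format. The buffer size and function names are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* constructed size of the example buffer */

/* The pattern the text warns about: the length of the user-supplied string
   is never compared with the size of the destination, so anything longer
   than NAME_MAX_LEN - 1 characters is written past the end of dst. Shown
   only as the "before"; not called with untrusted input anywhere here. */
void copy_name_unchecked(char dst[NAME_MAX_LEN], const char *src) {
    strcpy(dst, src);
}

/* Length of src, but never looking further than max bytes, so measuring
   an unterminated or hostile input cannot itself read out of bounds. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: the buffer size travels with the buffer, the length is
   checked before anything is written, and input that does not fit
   (including its terminating NUL) is rejected instead of silently cut,
   since truncation can change the meaning of a name or path.
   Returns 0 on success, -1 on bad arguments or over-long input. */
int copy_name_checked(char *dst, size_t dstsz, const char *src) {
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    size_t n = bounded_len(src, dstsz);
    if (n == dstsz)            /* no room left for the terminating NUL */
        return -1;
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsz, so this stays in bounds */
    return 0;
}

/* Format strings: the format is a constant, the user's text is an argument.
   snprintf never writes more than outsz bytes; the return value is the
   length the full message would have had, so the caller can detect that
   the output was cut. */
int greet(char *out, size_t outsz, const char *user) {
    return snprintf(out, outsz, "Hello, %s", user);
}

int main(void) {
    char name[NAME_MAX_LEN];
    printf("short input accepted: %d\n", copy_name_checked(name, sizeof name, "alice"));
    printf("16-char input rejected: %d\n",
           copy_name_checked(name, sizeof name, "0123456789abcdef"));
    printf("greeting length: %d\n", greet(name, sizeof name, "bob"));
    return 0;
}
```

A caller that sees -1 from copy_name_checked should treat the input as an error and stop processing it; a caller that sees a greet return value of outsz or more knows the message was cut short and must not assume out holds the whole text.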