Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Guidelines for Running a Secure System
Chapter 8 777
Do not use the creat() system call to make a lock file. Use lockf() or fcntl() instead. See lockf (2) and fcntl (2).

Be especially careful to avoid buffer overruns, such as through the use of sprintf(), strcpy(), and strcat() without proper parameter length validation. See printf (3S) and string (3C).
Guidelines for System Initialization
Most HP-supplied setuid-to-root programs begin by setting up a safe operating environment by establishing the following conditions:

Limiting environment variables to only those necessary for proper program operation. Since Trojan Horses typically attack improperly set PATH and IFS variables, these are set to predetermined values. PATH is set to /usr/bin. IFS is set to space, tab, newline. All other environment variables are deleted. See environ (5).

All file descriptors other than standard input, standard output and standard error are closed. See close (2).

All alarms are turned off. All interval timers are set to zero. See getitimer (2).

These safeguards increase assurance that known programs are executed in a known environment.
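The safe-environment setup described above, written out as an added C example (not HP's code): it discards every inherited variable, sets PATH and IFS to the fixed values named in the guide, closes all descriptors above 2, and cancels the alarm and the three interval timers. The function name, the RLIMIT_NOFILE-based descriptor bound with its 256 fallback, and the constructed caller state in main() are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/time.h>
#include <sys/resource.h>

extern char **environ;
/* Establish the safe environment the guide describes for setuid-to-root
 * programs. Added example; the function name is an assumption.
 * Returns 0 on success, -1 if PATH or IFS could not be set. */
int setup_safe_environment(void)
{
    /* Drop every inherited variable, then keep only PATH and IFS at the
     * fixed values named in the guide (setenv copies into a fresh array). */
    static char *clean_env[] = { NULL };
    environ = clean_env;
    if (setenv("PATH", "/usr/bin", 1) != 0) return -1;
    if (setenv("IFS", " \t\n", 1) != 0) return -1;   /* space, tab, newline */

    /* Close every descriptor other than stdin, stdout and stderr.
     * RLIMIT_NOFILE gives the upper bound; 256 is an assumed fallback. */
    struct rlimit rl;
    long maxfd = 256;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        maxfd = (long)rl.rlim_cur;
    for (long fd = 3; fd < maxfd; fd++)
        (void)close(fd);          /* EBADF on unused slots is harmless */

    /* Cancel any pending alarm and zero all three interval timers. */
    alarm(0);
    struct itimerval zero = { {0, 0}, {0, 0} };
    setitimer(ITIMER_REAL, &zero, NULL);
    setitimer(ITIMER_VIRTUAL, &zero, NULL);
    setitimer(ITIMER_PROF, &zero, NULL);
    return 0;
}

int main(void)
{
    /* Constructed caller state: altered PATH, a stray descriptor, pending alarm. */
    setenv("PATH", "/tmp/untrusted:/usr/bin", 1);
    int fd = open("/dev/null", O_RDONLY);
    alarm(60);
    if (setup_safe_environment() != 0) return 1;
    for (char **e = environ; *e; e++) puts(*e);   /* only PATH and IFS remain */
    printf("fd %d open: %s\n", fd, fcntl(fd, F_GETFD) == -1 ? "no" : "yes");
    return 0;
}
```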
Guidelines for Trusted Backup and Recovery
Use only fbackup and frecover to back up and recover files selectively. Only fbackup and frecover retain access control lists (ACLs). Use the -A option of these commands when backing up and recovering files for use on systems that do not implement ACLs. See fbackup (1M) and frecover (1M).

If you plan to recover the files to another system, be sure that the user’s user name and group name on both systems are consistent.

Remember that your backup media is sensitive material. Allow access to the media only on the basis of proven need.

Label backup tapes and store them securely. Offsite storage provides maximum security. Keep archives for a minimum of six months, then recycle the media.