Length: 60 minutes

This was originally written for the Philadelphia Linux User Group in December 2005.

The slides

• Classic Unix Security Problems
• Unix Security
• Process permissions
• setuid bit
• setuid problems
• /bin/su
• chroot
• close
• Environmental problems
• IFS
• Race conditions
• Running Processes
• Attacking the Super User
• Running Processes
• Buffer overflow
• Morris Worm
• NCSA finger gateway
• Password file
• Password guessing
• Thanks

Further reading

While I was writing this talk, I consulted a number of sources to remind me of details of how certain attacks worked.

The classic paper about Unix security is Dennis Richie's On the security of UNIX. This was distributed as part of the printed documentation for many early Unix systems.

I also found Daniel J. Bernstein's class notes helpful in reminding me of the mechanics of some of the attacks, particularly the "close stderr" attack. Bernstein's own web page about the class is here.

Other papers and references I consulted are in this directory.

Return to: Universe of Discourse main page | Perl Paraphernalia | Other Classes and Talks