Most certainly this is not the end of system security. Nobody can protect you from every possible security problem because new issues are continually being found (and we can't predict the future well enough yet to know where problems will be found tomorrow). The computer world, especially 'the' internet, is growing quickly. So quickly that much of the software in use has not been tested for an extended period of time yet.
This is not ment to sound threatening or scary, it is just the truth. We live in a world where we have to look after ourselves a bit. Hopefully this document will help you out in the wonderful world of Computer Science.
My apologies for the misuse of the name 'Eve'. Typically that name has been used strictly with respect to an evil person in discussions of cryptography. Here it used to refer to whoever wants access to your account or files.
Suppose Eve is having trouble with an assignment and you're done. If she were desperate enough she may be tempted to steal your work. Maybe Eve wants to commit some act and doesn't want it traced back to her. She could hide behind your account and you could be blamed.
Read the agreement you signed to get your account. You are responsible for EVERYTHING that happens through that account. If you leave your terminal unattended and your account gets used for something who do think is going to be questioned? Even if you don't care about your files being erased you should still protect your account.
The first thing to do when you get your account is to change the default password. To do this type the command passwd. You will be prompted for your current password. This is to confirm that you really are the owner of the account. Next you will be asked twice for the new password you would like. This is because you may make a typing mistake as you can't see the characters while you enter them. The keystrokes are not shown on the screen because Eve may be looking over your shoulder as you type your new password.
A sample password change would look like this:
darkstar:~$ passwd Changing password for frink Old password: Enter the new password (minimum of 5, maximum of 8 characters) Please use a combination of upper and lower case letters and numbers. New password: Bad password: too simple. Try again. New password: Re-enter new password: Password changed. darkstar:~:$We can see that the first password I tried was too simple to guess so it made me pick a harder one. This is to prevent 'dictionary attacks' where every word in the dictionary is tried as a password. This also make 'brute forcing' take longer. Brute forcing the password is done by trying combinations 'aaaa', 'aaab', 'aaac' and so on. But what makes a good password? A password should:
When creating passwords we try to do two things. First it has to be hard to guess, often the attacker knows us. Second we are trying to make it computationally difficult to work out. An attacker may use a program that tries to login using your login ID and every possible password.
Change your Computer Science password as soon as you get your account. The department will try to crack your password by trying many possibilities. If they succeed your account WILL be suspended. This is to protect everyone on the system. If they can crack your password then Eve probably could too.
1) Base permissions ---> 666 ( 110 110 110 or rw- rw- rw- ) 2) umask ---> 022 ( 000 010 010 or --- -w- -w- ) ------------------------------------------------------------------- 3) Final permissions ---> 644 ( 110 100 100 or rw- r-- r-- )
1) Base permissions ---> 777 ( 111 111 111 or rwx rwx rwx ) 2) umask ---> 022 ( 000 010 010 or --- -w- -w- ) ------------------------------------------------------------------- 3) Final permissions ---> 755 ( 111 101 101 or rwx r-x r-x )
sh-2.04$ umask 022When we type the umask command our shell tells us that the umask is currently set to 022. So if we create a file the group write and other write bits should be masked out (and all execute bits because this is a file not a directory).
sh-2.04$ touch asdf sh-2.04$ ls -l asdf -rw-r--r-- 1 frink users 0 Aug 1 23:14 asdfThis certainly looks like the case. Notice that the execute bits are not set for anyone. Now lets change our umask so that only the bits for ourself will be allowed through.
sh-2.04$ umask 077 sh-2.04$ touch qwerty sh-2.04$ ls -l qwerty -rw------- 1 frink users 0 Aug 1 23:15 qwerty sh-2.04$So we want our umask to be 077 all of the time to keep our files from being set to 644 by default. The easy way to do this is put the line
umask 077in one of your startup script files. If you are using BASH then ~/.bash_profile works. For CSH or TCSH you can use ~/.cshrc.
Here is one more example:
bash-2.05$ ls -la total 4 drwxr-xr-x 2 frink users 512 Mar 1 23:01 . drwxr-xr-x 3 frink users 512 Mar 1 23:01 .. bash-2.05$ umask 022 bash-2.05$ touch afile bash-2.05$ mkdir adir bash-2.05$ ls -la total 6 drwxr-xr-x 3 frink users 512 Mar 1 23:02 . drwxr-xr-x 3 frink users 512 Mar 1 23:01 .. drwxr-xr-x 2 frink users 512 Mar 1 23:02 adir -rw-r--r-- 1 frink users 0 Mar 1 23:02 afile bash-2.05$ umask 077 bash-2.05$ touch file2 bash-2.05$ mkdir dir2 bash-2.05$ cat > nonemptyfile this file has stuff in it. bash-2.05$ ls -la total 8 drwxr-xr-x 4 frink users 512 Mar 1 23:02 . drwxr-xr-x 3 frink users 512 Mar 1 23:01 .. drwxr-xr-x 2 frink users 512 Mar 1 23:02 adir -rw-r--r-- 1 frink users 0 Mar 1 23:02 afile drwx------ 2 frink users 512 Mar 1 23:02 dir2 -rw------- 1 frink users 0 Mar 1 23:02 file2 -rw------- 1 frink users 27 Mar 1 23:02 nonemptyfile bash-2.05$
darkstar:~$ echo $PATH /usr/local/bin:/bin:/usr/bin:/usr/games darkstar:~$The semicolons separate the actual paths to be checked. Often this list will include the current working directory, denoted as a dot much like:
.:/usr/local/bin:/bin:/usr/bin:/usr/gamesThe 'trick' goes as follows. Eve puts a nasty program named 'ls' into her home directory. Then she tells you she is having some problems with her account and asks you to have a look. Being the nice person you are you type the following:
cd ~eve lsAt this point the damage is done. Whatever her 'ls' program did has been done and it was done as your user ID! It could have been something like:
#!/bin/sh cp ~/cpsc231/as1.cc /tmp chmod 666 /tmp/as1.cc ls /bin/rm -f lsThis would copy your as1.cc file into the temp directory and give everyone permission to read it. Just to be sneaky it calls 'ls' too so you don't even notice anything wrong.   - try this with 'ls -l' and you will notice but the damage would be done and the evidence is gone.   :)
The only reason her program would work is that the current working directory is the first thing in YOUR $PATH variable. This is why the dot should not appear in your path at all.
darkstar:~$ ls -l .bash_history -rw-r--r-- 1 frink users 5633 Jul 28 20:44 .bash_history darkstar:~$ chmod 600 .bash_history darkstar:~$ ls -l .bash_history -rw------- 1 frink users 5633 Jul 28 20:44 .bash_history darkstar:~$ exitThe historical reason for protecting this file is to keep people from finding passwords that were used on a command line. You shouldn't have to enter passwords on a command line but it's still a good idea to keep people from reading what you have been doing.
PGP works using a public-key system. It is called public key because we give out a key for the world to use. Anyone can find my public key and use it to encipher a message. Then the enciphered message gets sent to me (usually by email). Next I have to use my private-key and my secret 'pass phrase' to decipher the message. We call it a pass phrase and not a password because it can be many lines long. This make brute forcing much more difficult.
Because PGP 5.0i is available on the CPSC Sparc servers it will be used to illustrate PGP in the following examples.
To generate a new key pair you would type
pgpk -gYou will be asked to chose a key type. Pick RSA because more people will be able to use it. You need a more recent version to use DSS. Next pick the strength you want to use 1024 or 2048 should be fine. Next you have to enter a key ID. Use the format shown on the screen. (ie FirstName LastName < firstname.lastname@example.org > ) Next you are asked how many days you want this key to be valid (ie. how long you want to use it). Most people just enter 0 which means 'never expires'. This is fine to do. If you use news keys frequently then you should have better security but it is more work. Now the fun part, it wants a pass phrase. A single sentence is a good idea but don't use any line that has been published (ie 'Luke I am your father.' or 'To be or not to be.').
The next step is to enter some random keystroke's. Here PGP is measuring the time in between each key to get random numbers for it's calculations. And the last step. PGP wants to know if you want to send your new key to a 'key server'. A key server keeps a list of many PGP keys so if you wanted to find Bob's key you would just ask the key server. Just leave this blank. That way if anyone wants you're key they have to get it directly from you.
The next thing you want to do is extract your new public key so you can give it out. To do this type pgpk -x USERNAME > pub_key.asc where USERNAME is your ID part of your email address. We redirected the output to the pub_key.asc file. Now when you want to give someone your public key you just give them a copy of this file. You can email it or put it on your webpage. To see what it looks like type cat pub_key.asc. When people give you their public keys you have to add them to your public key-ring. We do this with the pgpk -a FILENAME where FILENAME is the name of the file with the key in it (for us this was pub_key.asc).
When you want to encipher something with someones public key their public key must be on your public key-ring. The command is pgpe -a -r BOB -o OUTFILE INFILE. The -a means ASCII output so the output is safe to email. The -r BOB means BOB is the recipient (ie who we are enciphering this for). The -o OUTFILE means that we should use OUTFILE as the name of the enciphered message file. Lastly INFILE is the name of the file with the message we are enciphering. Now all we have to do is send the enciphered file (OUTFILE) off to BOB and BOB can use his private key and pass phrase to decipher it. Traditionally the OUTFILE has a .asc extension to denote an ASCII file.
When Alice sends you an enciphered file you have to use the command pgpv INFILE to read it. INFILE is the name of the file with the enciphered message in it. You will be asked for you pass phrase. After entering the pass phrase PGP will probably create a new file without a .asc extension in your current directory. You can now read the new file with more or cat.