Monday, April 25, 2011

Some security recommendations for the su command on Linux systems

First, let us look at the one-line description of su in its man page: "su - run a shell with substitute user and group IDs". In other words, su starts a shell under a different user and group ID; if no user name is supplied, the substitute user is root.

su is a binary executable whose path is /bin/su. The following three command-line cases query its path and file type:

Case 1:
    islab $ which su
    /bin/su

Case 2:
    islab $ file /bin/su
    /bin/su: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped

Case 3:
    islab $ ll /bin/su
    -rwsr-xr-x 1 root root 24060 Jan 10 2007 /bin/su

Cases 2 and 3 show that su is a setuid program: the setuid bit is set with chmod u+s, and ls displays it as the s in the owner's execute position. A setuid program runs with the privileges of the file's owner rather than the caller's, so when you run su, which is owned by root, your privileges are raised to the equivalent of root's. The output of the file command also tells us that the file type is a setuid ELF 32-bit LSB shared object, meaning the program needs the libc function library and the ELF interpreter (the dynamic loader) to run, and conforms to the LSB specification.

Question 1: can a normal user copy the su command over from another machine?
Answer: they can copy the su binary from another machine, but they cannot give the copy the correct permission settings (chown root, chmod u+s, and so on), so the copied su will not work as intended.

Question 2: how can we prevent normal users from executing the su command?
Answer: there are three ways.

1) Create a special group and allow only its members to execute su:
    islab # groupadd wheel
    islab # useradd wheel
    islab # chown root:wheel /bin/su
    islab # chmod 4750 /bin/su

2) Allow only the root user to execute su:
    islab # chmod 4700 /bin/su

3) Use the PAM library so that only members of the wheel group can execute su. The following example adds the account zhaoke to the wheel group:
    islab # groupadd wheel
    islab # useradd wheel
    islab # usermod -G wheel zhaoke
    islab # ll /lib/security/pam_wheel.so
    -rwxr-xr-x 1 root root 5692 Feb 22 2007 /lib/security/pam_wheel.so
    islab # vi /etc/pam.d/su
Add the following line to the su PAM configuration, then save and exit:
    auth required /lib/security/pam_wheel.so use_uid
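As an added example (not part of the original post), here is a small shell script that performs the checks above automatically: it reads the owner and mode of a su binary from ls -l, classifies the setuid bit (a setuid file owned by a non-root user is exactly why a copied su is useless), checks whether users outside the owning group can execute it (the 4750 and 4700 settings), and greps the su PAM stack for an active pam_wheel line. The paths are arguments so the functions can be run against test copies; the fake su and PAM file created under mktemp are constructed for the example, and nothing here modifies the system.

```shell
#!/bin/sh
# Added example: audit a su binary's ownership and mode and check whether a
# PAM stack file routes authentication through pam_wheel. Paths are given as
# arguments so the checks can run against test copies without root.

# Print "owner perms" for a path, taken from ls -ld, e.g. "root -rwsr-xr-x".
file_owner_and_mode() {
    set -- $(ls -ld "$1")
    printf '%s %s\n' "$3" "$1"
}

# Classify the setuid state:
#   setuid-root    running it gives the caller root's privileges
#   setuid-nonroot the bit only grants the (non-root) owner's privileges,
#                  which is why a copied su does not work
#   not-setuid     no privilege change at all
setuid_status() {
    set -- $(file_owner_and_mode "$1")
    case "$2" in
        ???s*|???S*)
            if [ "$1" = root ]; then echo setuid-root; else echo setuid-nonroot; fi ;;
        *)
            echo not-setuid ;;
    esac
}

# Succeed when "other" has no execute permission (e.g. mode 4750 or 4700),
# i.e. users outside the owning group cannot run the binary at all.
# The 10th character of the ls mode string is the "other" execute bit.
others_cannot_execute() {
    set -- $(file_owner_and_mode "$1")
    case "$2" in
        ?????????[xt]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed when the PAM stack file contains an uncommented
# "auth required ... pam_wheel.so" line (the form the post adds to /etc/pam.d/su).
pam_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^[:space:]]*pam_wheel\.so' "$1"
}

# One-line human-readable report for a su binary and its PAM stack file.
audit_su() {
    printf 'binary %s: %s, ' "$1" "$(setuid_status "$1")"
    if others_cannot_execute "$1"; then printf 'others cannot execute'; else printf 'world-executable'; fi
    if pam_wheel_enforced "$2"; then printf ', pam_wheel enforced\n'; else printf ', pam_wheel NOT enforced\n'; fi
}

# Constructed stand-in for a real system so the script runs without root:
# a fake su with mode 4750 and a PAM file containing the line from the post.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho fake su\n' > "$d/su"
    chmod 4750 "$d/su"
    printf '#%%PAM-1.0\nauth required /lib/security/pam_wheel.so use_uid\nauth include system-auth\n' > "$d/pam_su"
    audit_su "$d/su" "$d/pam_su"
    rm -rf "$d"
}

demo
```

On a real system, call audit_su /bin/su /etc/pam.d/su. The fake su in the demo is owned by whoever runs the script, so it reports setuid-nonroot unless run as root; that is the same reason a su binary copied by a normal user gains them nothing.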
Question 3: even though normal users cannot execute the su command, can they still obtain the root password through a brute-force attack?
Answer: yes, a normal user can mount a brute-force attack on the root account through a local shell or through ssh. We can consider security tools such as pam_abl to protect ssh: pam_abl can temporarily block an account after a configured number of failed logins within a time window. Of course, normal users may also elevate their privileges by exploiting program vulnerabilities such as buffer overflows.
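The brute-force concern above is easier to reason about with a concrete detection check. The following script (an added example, not from the original post) counts failed root authentications per source from su and sshd log lines in pam_unix and OpenSSH format, and flags the sources that reach a threshold, which is the same decision pam_abl makes before it blocks. The log lines, the host islab, the user zhaoke and the 192.0.2.x addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: count failed root authentications per source from auth log
# lines and flag sources at or above a threshold. The log lines below are
# constructed for this example (host islab, user zhaoke, 192.0.2.x addresses).

SAMPLE_LOG='Apr 25 10:01:02 islab su: pam_unix(su:auth): authentication failure; logname=zhaoke uid=500 euid=0 tty=pts/1 ruser=zhaoke rhost=  user=root
Apr 25 10:01:05 islab su: pam_unix(su:auth): authentication failure; logname=zhaoke uid=500 euid=0 tty=pts/1 ruser=zhaoke rhost=  user=root
Apr 25 10:01:09 islab su: pam_unix(su:auth): authentication failure; logname=zhaoke uid=500 euid=0 tty=pts/1 ruser=zhaoke rhost=  user=root
Apr 25 10:02:11 islab sshd[1234]: Failed password for root from 192.0.2.10 port 40000 ssh2
Apr 25 10:02:12 islab sshd[1235]: Failed password for root from 192.0.2.10 port 40001 ssh2
Apr 25 10:02:14 islab sshd[1236]: Failed password for root from 192.0.2.10 port 40002 ssh2
Apr 25 10:02:15 islab sshd[1237]: Failed password for root from 192.0.2.10 port 40003 ssh2
Apr 25 10:02:20 islab sshd[1238]: Failed password for root from 192.0.2.20 port 40010 ssh2
Apr 25 10:03:00 islab sshd[1239]: Accepted publickey for zhaoke from 192.0.2.30 port 40020 ssh2'

# Print "source count" (sorted) for every source whose failed root
# authentications reach the threshold. For su the source is the calling
# user (ruser=); for sshd it is the client address after "from".
failed_root_auth_sources() {
    printf '%s\n' "$1" | awk -v threshold="$2" '
        /su: pam_unix\(su:auth\): authentication failure/ && /user=root$/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^ruser=/) { sub(/^ruser=/, "", $i); count[$i]++ }
        }
        /sshd\[[0-9]+\]: Failed password for root from / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") count[$(i + 1)]++
        }
        END { for (s in count) if (count[s] >= threshold) print s, count[s] }
    ' | sort
}

# Sources with three or more failures against root in the sample log.
failed_root_auth_sources "$SAMPLE_LOG" 3
```

Feed a real log with, for example, failed_root_auth_sources "$(cat /var/log/secure)" 5; the threshold and the time window it is applied over are the two knobs a blocking tool such as pam_abl exposes, and the successful publickey line in the sample shows that only failures are counted.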
