Network Security
Most Unix utilities (and Unix itself) are written in C. C is a very powerful and fast language. It gets its power by not doing things the programmer might not need all the time. One of the things left to the programmer is checking and limiting the amount of data typed in at a prompt. C retrieves all the input and places it in memory for use by the program. If too much data is typed in, that data can overwrite other data storage areas in memory and/or parts of the program itself. When it’s the program that’s overwritten, it’s possible for that data to be executed when the input routine returns. In an ordinary buffer overflow the program would simply crash. However, if the overwriting data is actually executable code, then that data can take over the program. Any rights/privileges the program has can then be put to performing unauthorised tasks.
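The missing length check described above, shown beside its checked form. This is an added example, not code from the original page; the flat `memory` layout, the function names and the typed input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* room the programmer set aside for the typed input */

/* Constructed model: an 8-byte input buffer followed directly by 8 bytes of
   other program data, kept in one flat array so the demo is well-defined C. */
struct memory { char bytes[BUF_LEN * 2]; };

static void reset(struct memory *m) {
    memset(m->bytes, 0, sizeof m->bytes);
    memcpy(m->bytes + BUF_LEN, "guest", 6);   /* neighbouring data */
}

static const char *neighbour(const struct memory *m) {
    return m->bytes + BUF_LEN;
}

/* No length check, as with gets() or strcpy(): everything typed is stored. */
static void store_unchecked(struct memory *m, const char *typed) {
    size_t n = strlen(typed);
    if (n > sizeof m->bytes - 1) n = sizeof m->bytes - 1;  /* keep demo in bounds */
    memcpy(m->bytes, typed, n);
    m->bytes[n] = '\0';
}

/* Length checked first: input that does not fit is rejected, nothing is written.
   Returns 0 on success, -1 on rejection. */
static int store_checked(struct memory *m, const char *typed) {
    size_t n = strlen(typed);
    if (n >= BUF_LEN) return -1;
    memcpy(m->bytes, typed, n + 1);
    return 0;
}

int main(void) {
    struct memory m;
    const char *typed = "AAAAAAAAadmin";   /* constructed input, 13 characters */

    reset(&m);
    store_unchecked(&m, typed);
    printf("unchecked: neighbour is now \"%s\"\n", neighbour(&m));

    reset(&m);
    int rc = store_checked(&m, typed);
    printf("checked:   rc=%d, neighbour is still \"%s\"\n", rc, neighbour(&m));
    return 0;
}
```

In real programs the same check is made by reading with a bounded call such as `fgets(buf, sizeof buf, stdin)` instead of `gets()`.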
Contact the vendor of your operating system. They will have the list of patches that should be applied to your system to bring it up to the latest known secure configuration.
After that, you still can’t relax. You’ll need to ensure that any future vulnerabilities are attended to as soon as they appear.
If you’re not careful, adding new software or upgrading already installed software can result in the undoing of patches.
Many of the patches that have been released update program libraries (code stores used when building programs). In-house software will need to be recompiled using the upgraded libraries so that it no longer suffers from the same vulnerabilities as the operating system. The same applies to externally sourced software: it must be recompiled with the non-vulnerable libraries and reloaded.
Clifford was astounded to find that many computers in secure military installations were not secure themselves.
Web Author: Geoff May.
Last Update: 09/09/98 Copyright © 1998 by Network Business Services Pty Ltd. All Rights Reserved.