CSE 80 -- Lecture 17 -- Mar 4

The topic today is Unix security. I went over the 9 rwx permission bits on files and directories, and also mentioned the 2 setgid/setuid bits.

We went over the password authentication mechanism, the idea of a hot-key or secure attention sequence to provide a trusted path to the operating system, the lack of a trusted path in Unix, the idea of a Trojan horse login program, the lack of a trusted path when logging onto a machine via the network (via telnet, for example), and I also mentioned the existence of better protocols for authentication.

We went over the strength of passwords -- did a quick back-of-the-envelope calculation of the search time needed to break into an account assuming randomly chosen passwords, and showed that it would take many years. We went over the weaknesses of passwords: users chose poor ones, and the trusted path assumption (above).

I also went over the fingerd bug which the Internet Worm exploited to propagate itself from one machine to the next. (It also attacked passwords using a dictionary and exploited other common security holes.)

[ CSE 80 | ACS home | CSE home | CSE calendar | bsy's home page ]
picture of bsy

bsy@cse.ucsd.edu, last updated Tue Mar 18 15:49:43 PST 1997.

email bsy