Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sloppy File Permissions Make Red Star OS Vulnerable

Posted by Soulskill on from the helps-to-feed-your-developers dept.

An anonymous reader writes: Red Star OS Desktop 3.0, the official Linux distro of North Korea, which recently found its way onto torrents and various download sites in form of an ISO image, is interesting for a number of reasons, including its attempt to look like commercial operating systems (currently OS X, earlier versions mimicked the Windows GUI). Hackers are also poking Red Star for security vulnerabilities. An pseudonymous researcher noted in a post to the Open Source Software Security (oss-sec) mailing list, that the OS has one significant security hole: Red Star 3.0 ships with a world-writeable udev rule file /etc/udev/rules.d/85-hplj10xx.rules (originally designed for HP LaserJet 1000 series printers) which can be modified to include RUN+= arguments executing arbitrary commands as root by Udev. In the post he also mentions how the older Red Star 2.0 shipped with another schoolboy mistake: /etc/rc.d/rc.sysinit was world-writeable.

9 of 105 comments (clear)

  1. Good ol' 777 by MisterSquid · · Score: 4, Insightful

    Whenever I see devs take the stupid shortcut of "chmod 777" I wonder what is the brain drain for these "professionals" that they can't figure out how to enable make use of "chown root:admin" and then "chmod g+x", or whatever's the appropriate level of permissions for the task at hand.

    How can developers be so lazy and so security naive? It's like using signal lights when driving. Just do it because it makes for good habits.

    --
    blog
    1. Re:Good ol' 777 by MichaelSmith · · Score: 3, Insightful

      Unix doesn't help much. I mean if apache can't read /home/me/www/path/to/index.html the OS isn't going to tell you its because of the permissions on /home. Meanwhile you have given up and gone chmod -R 777 /

      --
      http://michaelsmith.id.au
    2. Re:Good ol' 777 by MichaelSmith · · Score: 4, Insightful

      What I mean is that cat /home/me/www/path/to/index.html will say Permission denied but it won't say Permission denied reading /home/me

      --
      http://michaelsmith.id.au
    3. Re: Good ol' 777 by Anonymous Coward · · Score: 1, Insightful

      ... and changing directory a few times to investigate takes all of a few seconds. If you can't be bothered to spend this time on doing it properly, please step down and let someone else have your job.

    4. Re: Good ol' 777 by Megol · · Score: 4, Insightful

      Good thing you don't design user interfaces.

      On the other hand, perhaps it was you who designed the Windows 8 metro UI? It would explain a lot...

    5. Re:Good ol' 777 by Jeremi · · Score: 4, Insightful

      Because that would give information to a potential attacker! You don't make security problems easy to diagnose!

      Security through obscurity, eh?

      No thanks. Either the system is secure (even against an expert hacker), and therefore no security is lost by providing informative error messages.... or the system is insecure, in which case no security is gained by making the error messages hard to understand.

      Deliberately obfuscating error messages only makes the system harder to use by its legitimate users (and therefore more likely to be bypassed in ways that compromise security) while doing nothing to keep hackers out.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    6. Re:Good ol' 777 by sjames · · Score: 3, Insightful

      Better than being one of those assholes that likes to call people an idiot.

      There is always an aspect of obscurity to secrecy. In OPs example, the exact structure of the underlying filesystem. In mine, the user and pass. In both cases the mechanism is known. Many server admins make an effort not to reveal too much of the underlying structure to the outside and wouldn't appreciate the http server revealing all of it to the world.

  2. Re:not great, but probably not very important eith by dbIII · · Score: 3, Insightful

    Unix/Linuxs permission system is 70-era bit-saving stupid. There is no other way to put it.

    Some alternatives sound nice but fail horrificly when the come in contact with people, especially the ones that let any people within a group grant access to others with zero oversight. Within a short period of time with such a "everyone can grant or deny access" scheme you end up with almost everything wide open and occasional calls when the paranoid have locked themselves and everyone else out of something and forgotten the password - and it's typically something business critical (as in people need to get to it so they can do their job) but not actually sensitive with only a few people normally allowed to get to it. So the superuser is locked out - what do you do? Well such things are normally not well thought out in any way at all so you crack in with ease, especially since you have full access to the hardware, which kind of makes the whole idea of having permissions that lock out the superuser look pretty silly doesn't it?

    So while user/group/all looks simplistic and kind of sucks in some cases there's nothing else that's really shown itself to be good enough to gain traction apart from where mandated by a vendor.

    When a developer meets the limit of what can be expressed with a single-group me-us-everybody, he will often look for the path of least resistance

    Saw that - first day at a new site and the developer that had been looking after things rebooted both the primary domain server and secondary domain server at the same time in the middle of a working day, for some trivial fix that didn't need to be done immediately and probably didn't even need a reboot. Of course they were also serving most of the files and all the printing as well. It's a mindset not a skillset. He knew what would happen but there was a fix for something so it had to be done NOW so he could get it out of the way without having to worry about it later. Consequences didn't matter, after all the new guy was there to take all the angry phone calls.

  3. Re:not great, but probably not very important eith by Antique+Geekmeister · · Score: 3, Insightful

    The old POSIX compliant user-group-others model does have some limitations. The non-root user can't arbitrarily add another individual user to have access or deny access, and only root users or site admins have access to create new groups. In the older systems, such as in UNIX's /etc/group and /etc/passwd, groups cannot contain other groups directly and there's a maximum line length on the number of characters in the "/etc/group" line. This gets quite awkward if you have hundreds of members of a group, or want to be able to say "all members of this group, *except* this one account, should have access to this". It means you have to add a new group and reset all files to owned and managed by that group: it can become painful to administer.

    When compared to the obscure rat's nest of ownership in NTFS, however, I can see why the old POSIX ACL's have remained in use. And let's make not be confused, in the Windows world it is _extremely_ common to leave file ownership profoundly broken.