IT302 Homework 2
The NSA has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. It recognizes the critical role of operating system security mechanisms in supporting security at higher levels.
End systems must be able to enforce confidentiality and integrity requirements to provide system security. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed ...
The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.
Researchers in the National Information Assurance Research Laboratory of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. The architecture was enhanced to provide better support for dynamic security policies, and the enhanced architecture was named Flask. The NSA integrated the Flask architecture into the Linux® operating system to transfer the technology to a larger developer and user community.
On Unix-like operating systems, such as Linux, a chroot jail is the common expression used to describe a section of a filesystem that is sectioned off for a particular user. On a web server, it is particularly useful for the security of shared hosting accounts.
Without a chroot jail, a user with limited file permissions would still be able to navigate to top-level directories. As an example, suppose the user’s directory is /home/user. Without chroot, nothing would prevent the user from navigating up to /home to see other users’ directories or even navigating up to / where they can see /etc, /usr, /var, /lib, and other system-critical directories. Although the user would not have the permissions to edit them, they would be able to see the files and target specific ones to try to exploit.
It is not just a matter of trust. By giving a user access, you also give access to anyone who manages to compromise that user's account. That just creates one more weak link in your security fence.
Many control panels that reconfigure web servers for shared hosting will automatically create chroot directories for user accounts. There is also software that can help you more easily create chroot jails. One such software suite is called Jailkit, which is available for free.
Another important use for chroot is for virtualization. With a virtual private server (VPS), the user has a complete operating system installed within a chroot directory. As a result, even though the user has root privileges for his or her own account, the user cannot access higher directories and would not even be aware that they exist (on a technical level). In other words, if the user is in /var/chroot/vhosts/user/, there is no way to move up beyond that /user directory. It will appear to the user as the default root directory, which is /.
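The following Python script is an added example, not part of the homework or of any jail-building tool: it builds a constructed throw-away jail directory and audits its symlinks, resolving every link target against the jail root the way the kernel does for a process inside the chroot, so that absolute targets and any ".." climbing above the root behave as the paragraph above describes. The jail layout and file names (bin/bash, libfoo.so) are made up for the demonstration.

```python
import os
import posixpath
import tempfile


def resolve_in_jail(in_jail_dir, target):
    """In-jail path that a symlink with text `target`, located in `in_jail_dir`,
    points to.  Absolute targets start at the jail root, not the host's /, and
    posixpath.normpath drops leading '..' at '/', which mirrors the kernel
    clamping '..' at the chroot root: there is no way above it."""
    if not target.startswith("/"):
        target = posixpath.join(in_jail_dir, target)
    return posixpath.normpath(target)


def audit_jail_symlinks(jail_root):
    """Return {in-jail link path: (in-jail target, target exists in the jail)}."""
    jail_root = os.path.abspath(jail_root)
    report = {}
    for dirpath, dirnames, filenames in os.walk(jail_root):  # does not follow links
        rel = os.path.relpath(dirpath, jail_root)
        in_jail_dir = "/" if rel == "." else "/" + rel
        for name in dirnames + filenames:
            host_link = os.path.join(dirpath, name)
            if not os.path.islink(host_link):
                continue
            target = resolve_in_jail(in_jail_dir, os.readlink(host_link))
            host_target = os.path.join(jail_root, target.lstrip("/"))
            report[posixpath.join(in_jail_dir, name)] = (target, os.path.lexists(host_target))
    return report


def build_demo_jail():
    """Constructed throw-away jail (empty placeholder files, made-up names)."""
    root = tempfile.mkdtemp(prefix="jail-demo-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "usr", "lib"))
    open(os.path.join(root, "bin", "bash"), "w").close()
    # relative link to a file that is present in the jail: fine
    os.symlink("bash", os.path.join(root, "bin", "sh"))
    # absolute link: inside the jail it means <jail>/bin/bash, which is present
    os.symlink("/bin/bash", os.path.join(root, "usr", "lib", "shell"))
    # absolute link copied from the host whose target was never copied in: broken
    os.symlink("/usr/lib/libfoo.so", os.path.join(root, "bin", "libfoo.so"))
    # '..' above the jail root is clamped, so this means <jail>/etc/passwd (absent)
    os.symlink("../../../etc/passwd", os.path.join(root, "bin", "passwd"))
    return root


if __name__ == "__main__":
    for link, (target, ok) in sorted(audit_jail_symlinks(build_demo_jail()).items()):
        print(f"{link:16} -> {target:20} {'ok' if ok else 'MISSING in jail'}")
```

Run on a real jail root, the report lists every link whose target was never copied into the jail, which is the usual reason a chrooted shell or daemon fails to start.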
Chroot is very useful for basic preventative security, but it is not designed to prevent deliberate attempts to gain root access and attack a server. Chroot helps tremendously to at least make it more...