Oracle "unbreakable linux" mortal after all?

Created by Stuart Yeates (University of Oxford) on December 5, 2006

You'd think that that Oracle, after dubbing their version of Linux Unbreakable Linux would have been very, very careful about the security, particularly the security practises that they were seen to be advising on their website.

Take a look at their Adding New Nodes to Your Oracle RAC 10g Cluster on Linux tutorial. Most of it's all good stuff: users and groups for file permissions, ssh certificates for validation of remote connections, and so forth. But look at the .bash_profile recommended in step seven:

...
export PATH=.:${PATH}:$HOME/bin:$ORACLE_HOME/bin
export PATH=${PATH}:$ORA_CRS_HOME/bin
export PATH=${PATH}:/usr/bin:/bin:/usr/bin/X11:/usr/local/bin:/sbin
...

These three lines build the PATH variable, which is defines where the shell looks for executables to run when they're given without absolute paths, and the order it which to look. Security aware readers will have noticed that the order is a problem here.

By having "." as the first component in the path, when commands are run from the command line, the shell will always look first in the current directory first. Security dictates that directories should be listed from most secure to least secure, and "." probably shouldn't be there at all. Executables in the current directory can be run using ./<executable> .

To see why this might be a problem, consider these three commands, which mount a USB memory stick, change directory to it and list the contents:

mount /dev/sda1/ /media/usb
cd /media/usb
ls

The problem arises if there is an executable directory called "ls" in the root directory of the memory stick, when it is run, rather than the system executable.

On a well-secured system this won't be a problem, of course, because the many-layered UNIX security model will ensure that: untrusted partitions are mounted with the noexec flag; that users know what's on random media and don't mount untrusted media on production systems; and so forth. But a combination of two or three little slips like this, and suddenly there is no security.

cheers, stuart

(Oracle website checked 12:15 5th December 2006)

Stuart's blog
Login or register to post comments
4132 reads

		Oracle "unbreakable linux" mortal after all? Created by Stuart Yeates (University of Oxford) on December 5, 2006 You'd think that that Oracle, after dubbing their version of Linux Unbreakable Linux would have been very, very careful about the security, particularly the security practises that they were seen to be advising on their website. Take a look at their Adding New Nodes to Your Oracle RAC 10g Cluster on Linux tutorial. Most of it's all good stuff: users and groups for file permissions, ssh certificates for validation of remote connections, and so forth. But look at the `.bash_profile` recommended in step seven: ... export PATH=.:${PATH}:$HOME/bin:$ORACLE_HOME/bin export PATH=${PATH}:$ORA_CRS_HOME/bin export PATH=${PATH}:/usr/bin:/bin:/usr/bin/X11:/usr/local/bin:/sbin ... These three lines build the PATH variable, which is defines where the shell looks for executables to run when they're given without absolute paths, and the order it which to look. Security aware readers will have noticed that the order is a problem here. By having "." as the first component in the path, when commands are run from the command line, the shell will always look first in the current directory first. Security dictates that directories should be listed from most secure to least secure, and "." probably shouldn't be there at all. Executables in the current directory can be run using ./<executable> . To see why this might be a problem, consider these three commands, which mount a USB memory stick, change directory to it and list the contents: mount /dev/sda1/ /media/usb cd /media/usb ls The problem arises if there is an executable directory called "ls" in the root directory of the memory stick, when it is run, rather than the system executable. On a well-secured system this won't be a problem, of course, because the many-layered UNIX security model will ensure that: untrusted partitions are mounted with the `noexec` flag; that users know what's on random media and don't mount untrusted media on production systems; and so forth. But a combination of two or three little slips like this, and suddenly there is no security. cheers, stuart (Oracle website checked 12:15 5th December 2006) bash \| Linux \| open_source \| Oracle \| Security Stuart's blog Login or register to post comments 4132 reads
		© Copyright 1999-2009 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.