User Account

All Pages

How a child process gets its environment variables

Assignment Help Other Subject
Reference no: EM132993255

UFCFVN-30-M Computer & Network Security

Environment Variable and SET-UID Lab

Aims and Objectives
The learning objective of this lab is for students to understand how environment variables affect program and system behaviours. Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. They are used by most operating systems, since they were introduced to Unix in 1979. Although environment variables affect program behaviours, how they achieve that is not well understood by many programmers. As a result, if a program uses environment variables, but the programmer does not know that they are used, the program may have vulnerabilities.

In this lab, students will understand how environment variables work, how they are propagated from parent process to child, and how they affect system/program behaviours. We are particularly interested in how environment variables affect the behaviour of Set-UID programs, which are usually privileged programs.

This lab covers the following topics:
• Environment variables
• Set-UID programs
• Securely invoke external programs
• Capability leaking
• Dynamic loader/linker

Lab Tasks
Task 1: Manipulating Environment Variables

In this task, we study the commands that can be used to set and unset environment variables. We are using the Bash shell in the ‘uwe' user account. The default shell that a user uses is set in the /etc/passwd file (the last field of each entry). You can change this to another shell program using the command chsh (please do not do it for this lab).

Here is the output from the tail of the default VM /etc/passwd file:
$ tail /etc/passwd rtkit:x:118:126:RealtimeKit,,,:/proc:/bin/false saned:x:119:127::/var/lib/saned:/bin/false usbmux:x:120:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false vboxadd:x:999:1::/var/run/vboxadd:/bin/false telnetd:x:121:129::/nonexistent:/bin/false sshd:x:122:65534::/var/run/sshd:/usr/sbin/nologin ftp:x:123:130:ftp daemon,,,:/srv/ftp:/bin/false bind:x:124:131::/var/cache/bind:/bin/false mysql:x:125:132:MySQL Server,,,:/nonexistent:/bin/false uwe:x:1000:1000:uwe,,,:/home/uwe:/bin/bash

Question: What is the difference between a user shell of /usr/sbin/nologin and /bin/false? Explain the difference.

Please do the following tasks:
• Use the printenv or env command to print out the environment variables. If you are interested in some particular environment variables, such as PWD, you can use "printenv PWD" or "env | grep PWD".
• Use export and unset to set or unset environment variables. It should be noted that these two commands are not separate programs; they are two of the Bash's internal commands (you will not be able to find them outside of Bash).
Proof: Demonstrate proof of the above commands.

Task 2: Passing Environment Variables from Parent Process to Child Process

In this task, we study how a child process gets its environment variables from its parent. In Unix, fork() creates a new process by duplicating the calling process. The new process, referred to as the child, is an exact duplicate of the calling process, referred to as the parent; however, several things are not inherited by the child (please see the manual of fork() by typing the following command: man fork). In this task, we would like to know whether the parent's environment variables are inherited by the child process or not.

Step 1. Please compile and run the following program, and describe your observation. Because the output contains many strings, you should save the output into a file, such as using a.out > child (assuming that a.out is your executable file name).

Step 2. Now comment out the printenv() statement in the child process case (Line ?), and uncomment the printenv() statement in the parent process case (Line ?). Compile and run the code again, saving the output in another file.

Question: Describe your observations between the two programs and suggest why this may be.

Task 3: Environment Variables and execve()

In this task, we study how environment variables are affected when a new program is executed via execve(). The function execve() calls a system call to load a new command and execute it; this function never returns. No new process is created; instead, the calling process's text, data, bss, and stack are overwritten by that of the program loaded. Essentially, execve() runs the new program inside the calling process. We are interested in what happens to the environment variables; are they automatically inherited by the new program?

Step 1. Please compile and run the following program, and describe your observation. This program simply executes a program called /usr/bin/env, which prints out the environment variables of the current process.

Question: Describe your observations of the program and explain what you think is happening.

Step 2. Change the invocation of execve() in Line ? to the following;
execve("/usr/bin/env", argv, environ);
Question: Describe your observations of the changed program.

Step 3. Question: Please draw your conclusion regarding how the new program gets its environment variables.

Task 4: Environment Variables and system()
In this task, we study how environment variables are affected when a new program is executed via the system() function. This function is used to execute a command, but unlike execve(), which directly executes a command, system() actually executes "/bin/sh -c command", i.e., it executes /bin/sh, and asks the shell to execute the command.
If you look at the implementation of the system() function, you will see that it uses execl() to execute /bin/sh; execl() calls execve(), passing to it the environment variables array.
Therefore, using system(), the environment variables of the calling process is passed to the new program /bin/sh.

Task 5: Environment Variable and Set-UID Programs
Set-UID is an important security mechanism in Unix operating systems. When a Set-UID
program runs, it assumes the owner's privileges. For example, if the program's owner is root, then when anyone runs this program, the program gains the root's privileges during its execution. Set- UID allows us to do many interesting things, but it escalates the user's privilege when executed, making it quite risky. Although the behaviours of Set-UID programs are decided by their program logic, not by users, users can indeed affect the behaviours via environment variables. To understand how Set-UID programs are affected, let us first figure out whether environment variables are inherited by the Set-UID program's process from the user's process.
Step 1. Write the following program that can print out all the environment variables in the current process.

Step 2. Compile the above program, change its ownership to root, and make it a Set-UID
program.

Step 3. In your shell (you need to be in a normal user account, not the root account), use the export command to set the following environment variables (they may already exist):
• PATH
• LD LIBRARY PATH
• <YOUR_SURNAME> (this is an environment variable defined by you, so pick your Surname).
These environment variables are set in the user's shell process. Now, run the Set-UID program from Step 2 in your shell. After you type the name of the program in your shell, the shell forks a child process, and uses the child process to run the program. Please check whether all the environment variables you set in the shell process (parent) get into the Set-UID child process.
Question: Describe your observation. If there are surprises to you, describe them.

Task 6: The PATH Environment Variable and Set-UID Programs
Because the shell program is invoked, calling system() within a Set-UID program is quite dangerous. This is because the actual behaviour of the shell program can be affected by environment variables, such as PATH; these environment variables are provided by the user, who may be malicious. By changing these variables, malicious users can control the behaviour of the Set-UID program. In Bash, you can change the PATH environment variable in the following way (this example adds the directory /home/uwe to the beginning of the PATH environment variable):
$ export PATH=/home/uwe:$PATH
The Set-UID program below is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path:

Please compile the above program, and change its owner to root, and make it a Set-UID program. Can you let this Set-UID program run your code instead of /bin/ls? If you can, is your code running with the root privilege?

Question: Describe and explain your observations.

Task 7: The LD_PRELOAD Environment Variable and Set-UID Programs
In this task, we study how Set-UID programs deal with some of the environment variables. Several environment variables, including LD_PRELOAD, LD_LIBRARY_PATH, and other LD * influence the behaviour of dynamic loader/linker. A dynamic loader/linker is the part of an operating system (OS) that loads (from persistent storage to RAM) and links the shared libraries needed by an executable at run time.
In Linux, ld.so or ld-linux.so, are the dynamic loader/linker (each for different types of binary). Among the environment variables that affect their behaviours, LD_LIBRARY_PATH and LD_PRELOAD are the two that we are concerned in this lab. In Linux, LD_LIBRARY_PATH is a colon-separated set of directories where libraries should be searched for first, before the standard set of directories. LD_PRELOAD specifies a list of additional, user-specified, shared libraries to be loaded before all others. In this task, we will only study LD_PRELOAD.
Step 1. First, we will see how these environment variables influence the behaviour of dynamic loader/linker when running a normal program. Please follow these steps:
1. Let us build a dynamic link library. Create the following program, and name it mylib.c. It basically overrides the sleep() function in libc:

2. We can compile the above program using the following commands (in the -lc argument, the
second character is a lower case ‘L' not a ‘1'/'one'):

3. Now, set the LD PRELOAD environment variable:

4. Finally, compile the following program myprog, and in the same directory as the above dynamic link library libmylib.so.1.0.1:

Step 2. After you have done the above, please run myprog under the following conditions, and observe what happens.
• Make myprog a regular program, and run it as a normal user.
• Make myprog a Set-UID root program, and run it as a normal user.
• Make myprog a Set-UID root program, export the LD PRELOAD environment variable again in the root account and run it.
• Make myprog a Set-UID user1 program (i.e., the owner is user1, which is another user account), export the LD PRELOAD environment variable again in a different user's account (not-root user) and run it.
Question: You should be able to observe different behaviours in the scenarios described above, even though you are running the same program. Note the different behaviours of the 4 programs here.

Step 3. Explain why the behaviours in the four different programs in Step 2 are different.

Task 8: Invoking External Programs Using system() versus execve() Although system() and execve() can both be used to run new programs, system() is quite dangerous if used in a privileged program, such as Set-UID programs. We have seen how the PATH environment variable affect the behaviour of system(), because the variable affects how the shell works. execve() does not have the problem, because it does not invoke shell. Invoking shell has another dangerous consequence, and this time, it has nothing to do with environment variables. Let us look at the following scenario.
Bob works for an auditing agency, and he needs to investigate a company for a suspected fraud. For the investigation purpose, Bob needs to be able to read all the files in the company's Unix system; on the other hand, to protect the integrity of the system, Bob should not be able to modify any file.
To achieve this goal, Vince, the superuser of the system, wrote a special set-root-uid program (see below), and then gave the executable permission to Bob. This program requires Bob to type a file name at the command line, and then it will run /bin/cat to display the specified file. Since the program is running as a root, it can display any file Bob specifies. However, since the program has no write operations, Vince is very sure that Bob cannot use this special program to modify any file.

Step 1: Compile the above program, make it a root-owned Set-UID program. The program will use system() to invoke the command. If you were Bob, can you compromise the integrity of the system? For example, can you remove a file that is not writable to you?
Step 2: Comment out the system(command) statement, and uncomment the execve() statement; the program will use execve() to invoke the command. Compile the program, and make it a root-owned Set-UID. Do your attacks in Step 1 still work?
Question: Please describe and explain your observations for Step 1 and Step 2.

Task 9: Capability Leaking
To follow the Principle of Least Privilege, Set-UID programs often permanently relinquish their root privileges if such privileges are not needed anymore. Moreover, sometimes, the program needs to hand over its control to the user; in this case, root privileges must be revoked. The setuid() system call can be used to revoke the privileges. According to the manual, "setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user-ID are also set". Therefore, if a Set-UID program with effective UID 0 calls setuid(n), the process will become a normal process, with all its UIDs being set to n.
When revoking the privilege, one of the common mistakes is capability leaking. The process may have gained some privileged capabilities when it was still privileged; when the privilege is downgraded, if the program does not clean up those capabilities, they may still be accessible by the non-privileged process. In other words, although the effective user ID of the process becomes non- privileged, the process is still privileged because it possesses privileged capabilities.

Compile the following program, change its owner to root, and make it a Set-UID program. Run the program as a normal user, and describe what you have observed. Before running this program, you should create the file /etc/zzz first.
Question: Will the file /etc/zzz be modified? Please explain your observation.

Lab Clean-up
Restore the symlink for /bin/sh to point to /bin/dash which we modified in section "0
Task 6: The PATH Environment Variable and Set-UID Programs".

Further research and a real-world case study
Produce an 800-1000-word report detailing the following:
1. Investigate and explain how the dash shell countermeasures work with regard to dash being executed from within a Set-UID process. (approximately 400 words)

2. A real-world case study involving security issues with privileged SetUID binaries. For example, CVE-2021-26936 was published on 10th February 2021, which demonstrates that these basic issues security principles can still be lacking today.

Find and research a real-world case study involving SET-UID programs. Explain what the security incident was, how the incident arose, and any potential mitigations that could have been taken to avoid the issue. (approximately 600 words)

Attachment:- Computer and Network Security.rar

Reference no: EM132993255

Questions Cloud

Should Elephant delivery service record the interest payment : Barry paid interest of 3000 on a personal loan of 40000 that he used to begin the business. Should Elephant delivery service record the interest payment
Determine the cost assigned to ending inventory using fifo : Salmone Company reported the purchases and sales. Determine the cost assigned to the ending inventory using FIFO. Salmone uses a perpetual inventory system.
Discuss the influence of those rules on auditor independence : Discuss the influence of those rules on auditor independence? Discuss the impact of those rules on the auditing business filed
What is net profit earned by Rose Ltd in the month of May : Rose Ltd was set up on 1 May 20X8 with opening capital of £1,000. What is the net profit earned by Rose Ltd in the month of May 20X8
How a child process gets its environment variables : How a child process gets its environment variables from its parent. In Unix, fork() creates a new process by duplicating the calling process.
Would the journal entry to dispose of underapplied overhead : Would the journal entry to dispose of the underapplied or overapplied overhead increase or decrease the company's gross margin? By how much
What is the sum of the discounted cash flows : What is the sum of the discounted cash flows? You are given a 3 year project which will a projected net income of P4,000 in year P8,000.
Does marginal cost pricing or full cost pricing make : Does marginal cost pricing or full cost pricing make more sense? Is the optimal pricing strategy the same in the short run as in the long run?
What is the current tax expense for the current year : At the beginning of current year, the entity reported deferred tax asset at zero and deferred tax liability at 90,000. What is the current tax expense

Reviews

Write a Review

Other Subject Questions & Answers

  What are some reasons that mixed methods should be used

Mixed methods research takes advantage of using multiple ways to explore a research problem. Basic characteristics of mixed method research includes.

  How the united states government should combat this trend

I would also like you to provide your opinion on how the United States Government should combat this trend

  Project design lead to the outcomes you envision

A good  Research proposal will address the following questions in a manner clear to both specialists and non-specialists: Goals and Objectives: What precisely are you hoping to accomplish?

  The code of hammurabi and the twelve tables were designed to

The code of Hammurabi and the twelve Tables were designed to? Studying oral histories, archaeological evidence and cultural histories are methods most often used by?

  Understanding of the relationship between nature and nurture

From the original Galton study, discuss the value of twin studies to an understanding of the relationship between nature and nurture.

  What did hospital billing unit determine the future value

An uninsured patient who underwent emergency surgery at Memorial Hospital owes $10,000 for the services that he received. Because he will be unable.

  How the historical-cultural information you have researched

Building on your work for Unit 3 "Complete," you are to show how the historical/cultural information you have researched shapes your understanding.

  What is the chemical symbol of arsenic

What is the chemical symbol of arsenic

  One-time tax rate-social services initiatives

Real estate magnate Donald Trump once proposed a one-time tax of 14.25 percent on the net wealth of every American with more than $10 million

  What are possible factors that influence your arousal

It is a sport-specific state anxiety scale developed by Martens, Vealey, and Burton (1990). The scale divides anxiety into three components: cognitive anxiety.

  Transaction between text and reader

Formalist criticism focuses on the literary text itself, especially its structure and genre. Rhetorical criticism is audience-centered, focused on the "transaction" between text and reader. Historical criticism focuses on the historical context of th..

  Contractualism edited by stephan darwell

Im reading this book called Contractarianism/Contractualism Edited by Stephan Darwell for my Intro to Philosophy class, and I'm having trouble understanding it because it's so "dry" to read. Could you possibly find me a website that will help me bett..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd