Unix Security

Question 1

What is the primary purpose of the ‘setuid’ bit in UNIX?

A) To allow users to execute scripts

B) To enable a process to run with the file owner’s privileges

C) To restrict file execution

D) To change file ownership

Answer 1

B) To enable a process to run with the file owner’s privileges

Explanation:
The setuid bit allows a user to run an executable with the permissions of the file owner, typically used to allow access to privileged operations.

Question 2

Which command is used to change the group ownership of a file in UNIX?

A) chmod

B) chown

C) chgrp

D) groupmod

Answer 2

C) chgrp

Explanation:
chgrp changes the group ownership of a file. chown changes the file owner.

Question 3

In UNIX, what does the permission ‘rwxr-xr–’ signify?

A) Owner: read, write, execute; Group: read, execute; Others: read

B) Owner: read, execute; Group: write, execute; Others: read

C) Owner: read, write; Group: read; Others: execute

D) Owner: write, execute; Group: read; Others: read

Answer 3

A) Owner: read, write, execute; Group: read, execute; Others: read

Explanation:
rwxr-xr– breaks down as owner (rwx), group (r-x), others (r–).

Question 4

Which of the following is a vulnerability associated with symbolic links in UNIX?

A) Buffer overflow

B) Race condition

C) Link traversal

D) Stack smashing

Answer 4

C) Link traversal

Explanation:
Symbolic links can trick a program into accessing or modifying unintended files, leading to vulnerabilities like privilege escalation or data leaks.

Question 5

What does the ‘nosuid’ mount option do in UNIX?

A) Disables execution of binaries

B) Ignores set-user-identifier or set-group-identifier bits

C) Prevents mounting of the filesystem

D) Enables device files

Answer 5

B) Ignores set-user-identifier or set-group-identifier bits

Explanation:
nosuid prevents execution of binaries with setuid/setgid bits, a key mitigation against privilege escalation.

Question 6

Which user ID is associated with the superuser in UNIX systems?

A) 0

B) 1

C) 100

D) 999

Answer 6

A) 0

Explanation:
UID 0 is reserved for the superuser or root in UNIX.

Question 7

What is the function of the ‘chroot’ command in UNIX?

A) Changes the root password

B) Changes the root directory for a process

C) Deletes the root directory

D) Grants root privileges to a user

Answer 7

B) Changes the root directory for a process

Explanation:
chroot confines a process to a specific directory subtree, often used to sandbox services.

Question 8

In UNIX, which file contains encrypted user passwords?

A) /etc/passwd

B) /etc/shadow

C) /etc/group

D) /etc/login.defs

Answer 8

B) /etc/shadow

Explanation:
/etc/shadow contains encrypted passwords and is readable only by root.

Question 9

Which of the following is a discretionary access control mechanism in UNIX?

A) Mandatory Access Control

B) Role-Based Access Control

C) File permissions (read, write, execute)

D) Access Control Lists

Answer 9

C) File permissions (read, write, execute)

Explanation:
UNIX uses DAC via file permissions, allowing owners to control access.

Question 10

What is the primary security concern with the ‘setuid’ mechanism?

A) It restricts user privileges

B) It can be exploited to escalate privileges

C) It disables user authentication

D) It logs user activities

Answer 10

B) It can be exploited to escalate privileges

Explanation:
If a setuid binary is exploited, attackers may gain elevated privileges.

Question 11

Which command is used to change file permissions in UNIX?

A) chmod

B) chown

C) chgrp

D) umask

Answer 11

A) chmod

Explanation:
chmod is used to set permissions (read, write, execute).

Question 12

What does the ‘sticky bit’ do when set on a directory in UNIX?

A) Prevents file deletion by non-owners

B) Allows all users to delete files

C) Grants execute permissions to all users

D) Locks the directory from changes

Answer 12

A) Prevents file deletion by non-owners

Explanation:
Sticky bit restricts file deletion in shared directories like /tmp.

Question 13

Which of the following is a common vulnerability in UNIX systems?

A) SQL injection

B) Cross-site scripting

C) Buffer overflow

D) Clickjacking

Answer 13

C) Buffer overflow

Explanation:
A common memory-based vulnerability where data overflows into adjacent memory, often exploited in UNIX systems.

Question 14

What is the role of the ‘root’ user in UNIX?

A) Limited access to system files

B) Standard user privileges

C) Full system access

D) Guest user privileges

Answer 14

C) Full system access

Explanation:
The root user has unrestricted control over the system.

Question 15

Which file in UNIX defines user group memberships?

A) /etc/passwd

B) /etc/group

C) /etc/shadow

D) /etc/login.defs

Answer 15

B) /etc/group

Explanation:
This file defines group memberships and related GIDs.

Question 16

What is the purpose of the ‘umask’ command in UNIX?

A) Sets default file permissions

B) Changes file ownership

C) Modifies user groups

D) Encrypts files

Answer 16

A) Sets default file permissions

Explanation:
umask sets default permission masks for newly created files.

Question 17

Which of the following commands can be used to view current user ID in UNIX?

A) whoami

B) id

C) uid

D) userinfo

Answer 17

B) id

Explanation:
id shows UID, GID, and associated groups. whoami shows current username.

Question 18

What is the effect of setting file permissions to ‘777’ in UNIX?

A) Full permissions for owner only

B) Full permissions for owner and group

C) Full permissions for everyone

D) No permissions for anyone

Answer 18

C) Full permissions for everyone

Explanation:
777 allows read, write, and execute permissions for owner, group, and others.

Question 19

Which of the following is a method to confine a process to a specific directory subtree in UNIX?

A) setuid

B) chroot

C) chmod

D) umask

Answer 19

B) chroot

Explanation:
chroot confines a process to a “jail” directory for isolation.

Question 20

What is the primary function of the ‘/etc/shadow’ file in UNIX?

A) Stores user account information

B) Stores encrypted passwords

C) Stores group information

D) Stores login history

Answer 20

B) Stores encrypted passwords

Explanation:
/etc/shadow holds securely hashed passwords not visible in /etc/passwd.

Question 21

Explain the concept of discretionary access control (DAC) in UNIX.

Answer 21

Answer:
DAC allows the owner of a resource (file or directory) to determine who can access it and what operations they can perform.

This is implemented through permission bits (read, write, execute) for owner, group, and others.

Question 22

Describe the role of the ‘root’ user in UNIX systems.

Answer 22

Answer:
The root user has UID 0 and possesses unrestricted access to all files, devices, and commands on the system.

It acts as the system administrator and can perform operations that regular users cannot.

Question 23

What is the purpose of the ‘chmod’ command?

Provide an example.

Answer 23

Answer:
chmod is used to change the access permissions of files or directories.

Example: chmod 755 myscript.sh gives read, write, execute to the owner and read, execute to group and others.

Question 24

How does the ‘chroot’ command enhance security?

Answer 24

Answer:
chroot confines a process to a specified directory tree, creating a “jail.”

This prevents the process from accessing files outside the specified directory, limiting the damage from a compromise.

Question 25

List and explain the three types of file permissions in UNIX.

Answer 25

Answer: Read (r): View contents of the file or list directory. Write (w): Modify the file or directory contents. Execute (x): Run the file as a program or enter a directory.

Question 26

What is a buffer overflow, and how can it be exploited?

Answer 26

Answer: A buffer overflow occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. Attackers exploit it to inject malicious code or change control flow, such as hijacking the return address.

Question 27

Describe the function of the 'setuid' bit.

Answer 27

Answer: When a file with the setuid bit is executed, it runs with the privileges of the file's owner, not the executing user. This allows temporary privilege elevation to run trusted programs.

Question 28

What are the potential risks associated with symbolic links?

Answer 28

Answer: Symbolic links can be used to trick privileged programs into accessing or modifying unintended files (e.g., via symlink attacks), especially when paths are not validated.

Question 29

Explain the difference between '/etc/passwd' and '/etc/shadow'.

Answer 29

Answer: /etc/passwd stores user account information and is world-readable. /etc/shadow stores encrypted passwords and is readable only by root, improving security.

Question 30

What is the significance of the 'sticky bit' on a directory?

Answer 30

Answer: When set on a directory, only the owner of a file (or root) can delete or rename it, even if others have write permissions. Useful for shared directories like /tmp.

Question 31

How does UNIX handle user authentication during login?

Answer 31

Answer: The login program (run as root) prompts for credentials, hashes the password using crypt() and compares it to the value in /etc/shadow. If matched, it starts a shell with the user's UID/GID.

Question 32

What is the function of the 'umask' command?

Answer 32

Answer: umask defines default permission settings for new files/directories by masking permission bits. For example, a umask of 022 results in default permissions of 755 for directories.

Question 33

Explain the concept of effective user ID (EUID) in UNIX.

Answer 33

Answer: The EUID determines the access rights of a running process. It may differ from the real UID, especially for setuid programs, allowing a process to access resources on behalf of another user.

Question 34

Describe a scenario where 'setuid' could lead to a security vulnerability.

Answer 34

Answer: If a setuid root program doesn't validate user input or environment variables properly, an attacker might exploit it (e.g., buffer overflow) to gain root privileges.

Question 35

What is the purpose of the 'chgrp' command?

Answer 35

Answer: chgrp changes the group ownership of a file or directory, which affects which group of users can access or modify it.

Question 36

How can the 'nosuid' mount option mitigate security risks?

Answer 36

Answer: The nosuid option disables setuid and setgid bits on a mounted file system, preventing execution of binaries that elevate privileges — especially useful for removable media.

Question 37

What is the role of the '/etc/group' file?

Answer 37

Answer: It defines user groups, their group ID (GID), and the list of users in each group. It's essential for group-based access control.

Question 38

Explain the concept of a 'confused deputy' problem.

Answer 38

Answer: A trusted program with elevated privileges (like setuid) can be tricked into misusing its authority on behalf of a less-privileged user, leading to unauthorized access.

Question 39

How does UNIX implement file system security?

Answer 39

Answer: Through permission bits (r, w, x) for owner, group, and others, combined with user IDs, group IDs, and mechanisms like setuid, sticky bit, and chroot for further control.

Question 40

What are the implications of setting file permissions to '777'?

Answer 40

Answer: It grants full read, write, and execute permissions to everyone. This is risky because any user can modify or execute the file, possibly leading to system compromise.

Question 41

Discuss the security implications of the 'setuid' mechanism in UNIX. Provide examples of potential vulnerabilities and mitigation strategies.

Answer 41

Outline of Answer: 1. Definition of setuid 2. Purpose: privilege escalation for trusted programs 3. Risks: --3.1 Exploitable bugs (e.g., buffer overflow) --3.2 Environment variable manipulation --3.3 Insecure coding practices 4. Examples: vulnerable setuid root programs 5. Mitigations: --5.1 Use nosuid --5.2 Audit setuid binaries --5.3 Use capabilities instead

Question 42

Analyze the effectiveness of the chroot mechanism in UNIX. What are its advantages and limitations in confining processes?

Answer 42

Outline of Answer: 1. Definition: sandboxing by changing root directory 2. Use cases: isolating services (e.g., FTP, web servers) 3. Limitations: --3.1 Not a complete jail --3.2 Can be escaped with open descriptors, device files 4. Best practices: --4.1 Never run as root inside chroot --4.2 Combine with privilege dropping --4.3 Use modern alternatives (e.g., containers)

Question 43

Compare and contrast Discretionary Access Control (DAC) and Mandatory Access Control (MAC). Why is UNIX traditionally based on DAC?

Answer 43

Outline of Answer: 1. Define DAC and MAC 2. UNIX's DAC model: file owner controls access 3. Advantages of DAC: simple, flexible 4. Limitations: lacks mandatory enforcement 5. MAC models (e.g., SELinux) 6. Why UNIX uses DAC: historical simplicity, user flexibility

Question 44

Describe the typical steps in the UNIX login process and explain how user authentication and UID transitions occur.

Answer 44

Outline of Answer: 1. Boot process launches login as root 2. Username/password entry 3. Password checked via /etc/shadow 4. UID/GID assigned after success 5. UID transitions in su, sudo, and setuid

Question 45

UNIX treats all system objects as files. Discuss how this design affects system security. Provide examples involving device files or IPC.

Answer 45

Outline of Answer: 1. UNIX philosophy: everything is a file 2. Impacts: --2.1 File-based permissions --2.2 Device files (e.g., /dev/mem) 3. Risks: --3.1 Malicious use of device files --3.2 Symbolic link attacks 4. Security benefits: unified access control

Question 46

What are mode bits in UNIX? Explain how they influence authorization and access control using relevant examples.

Answer 46

Outline of Answer: 1. File permission model: rwx 2. Ownership categories: owner, group, others 3. Examples: 755: full for owner, read-execute for others 4. Authorization checks based on effective UID/GID 5. Limitations in fine-grained control

Question 47

Examine the various types of vulnerabilities found in UNIX and Linux systems. Focus on buffer overflows, race conditions, and setuid abuses.

Answer 47

Outline of Answer: 1. Buffer overflows: exploitation and examples 2. Race conditions: TOCTOU vulnerabilities 3. Setuid abuses: privilege escalation 4. Denial of service 5. Secure coding practices and mitigations

Question 48

Discuss the concept of the Trusted Computing Base (TCB) in UNIX. What components are included and why are they critical for system security?

Answer 48

Outline of Answer: 1. Definition of TCB 2. Components: kernel, root processes 3. Why TCB is critical: Provides authentication, file access control, system services 4. Risks: TCB compromise = full system compromise 5. Reducing TCB size and attack surface

Question 49

How can symbolic links be abused in a UNIX environment? Discuss the security concerns and methods to prevent such attacks.

Answer 49

Outline of Answer: 1. What are symbolic links 2. Abuse scenarios: --2.1 Redirection in privileged contexts --2.2 ln -s /etc/passwd example 3. Defense mechanisms: --3.1 Use O_NOFOLLOW --3.2 Avoid using paths controlled by untrusted users

Question 50

Explain the role of group IDs (GIDs) and how group-based permissions work in UNIX. Include the role of /etc/group in your discussion.

Answer 50

Outline of Answer: 1. UNIX group model 2. Primary and supplementary groups 3. File permissions for group 4. Role of /etc/group 5. Command utilities: newgrp, groups 6. Security considerations and enforcement

Question 51

Illustrate how a 'confused deputy' problem might manifest in UNIX, especially in the context of setuid programs or daemons.

Answer 51

Outline of Answer: 1. Definition 2. Scenario: trusted program misuses its authority 3. Example: HTTP server with setuid permissions 4. Attack vector: attacker tricks program 5. Mitigations: --5.1 Validate input and context --5.2 Drop privileges early

Question 52

Discuss the security implications of the UNIX mount and automount features. Include an explanation of nosuid, nodev, and noexec options.

Answer 52

Outline of Answer: 1. What is mounting 2. Mount options: --2.1 nosuid: disables setuid --2.2 noexec: prevents binary execution --2.3 nodev: blocks device access 3. Attack vectors through mounted filesystems 4. Mitigation strategies

Question 53

UNIX permissions are assigned to owner, group, and others. How does this model limit fine-grained access control in complex environments?

Answer 53

Outline of Answer: 1. Basic model simplicity 2. Inadequacy for complex policies 3. No per-user or per-role access control 4. Solutions: --4.1 Access Control Lists (ACLs) --4.2 Mandatory Access Control (MAC) --4.3 Role-Based Access Control (RBAC)

Question 54

What are the dangers of poor file permission configurations? Provide examples such as /tmp vulnerabilities or world-writable files.

Answer 54

Outline of Answer: 1. Common risky settings: 777, world-writable 2. /tmp vulnerabilities: --2.1 Symlink attacks --2.2 File overwrite via shared filename 3. Mitigations: --3.1 Sticky bit --3.2 Proper umask --3.3 Avoid writable permissions for everyone

Question 55

Describe the purpose and usage of UNIX security tools like Tripwire, Bastille, Snort, and Nessus. How do they contribute to securing the OS?

Answer 55

Outline of Answer: 1. Tripwire: file integrity checker 2. Bastille: system hardening 3. Snort: intrusion detection 4. Nessus: vulnerability scanner 5. Use cases in system auditing and response

Question 56

Explain how file descriptors and open sockets can be exploited in a chroot environment. How can developers mitigate these risks?

Answer 56

Outline of Answer: 1. Problem: descriptors remain open across chroot 2. Scenarios: --2.1 File outside jail opened before chroot --2.2 Open socket used for remote control 3. Mitigations: --3.1 Close unneeded descriptors --3.2 Drop root privileges --3.3 Avoid chroot for high-security use

Question 57

Evaluate the evolution of UNIX security mechanisms. What were the original goals, and how have modern threats challenged them?

Answer 57

Outline of Answer: 1. Initial design goals: multi-user, cooperative trust 2. Security add-ons over time 3. Introduction of setuid, chroot, ACLs, SELinux 4. Modern needs: containers, isolation, networked threats

Question 58

UNIX lacks native support for network-based access control. Discuss the implications of this limitation and how modern systems attempt to address it.

Answer 58

Outline of Answer: 1. Traditional UNIX focus: local users/files 2. Network considered external 3. Implications: --3.1 Vulnerable daemons --3.2 Poor isolation 4. Modern tools: firewalls, SELinux policies, containerization

Question 59

How does UID and GID management support multi-user isolation in UNIX systems? What are potential misconfigurations that can break this isolation?

Answer 59

Outline of Answer: 1. Users have unique UIDs 2. Each process runs as a UID 3. GID enables group-based permissions 4. Isolation breaks if: --4.1 setuid misuse --4.2 shared writable files 5. Best practices: --5.1 Least privilege --5.2 User namespaces (in Linux)

Question 60

Propose a strategy for hardening a UNIX-based system for production deployment. Include configuration best practices, file permissions, and use of security tools.

Answer 60

Outline of Answer: 1. Permission management: strict umask, audit 777 files 2. User management: remove unused accounts, enforce strong passwords 3. Service restrictions: disable unneeded daemons, run as non-root 4. Use tools: Tripwire, Snort, Bastille 5. Security patches and monitoring