introduction to information security - tau · disclaimer the next few slides are easy. don't...
TRANSCRIPT
Introduction to Information SecurityLinux
DISCLAIMERThe next few slides are easy. Don't worry.
OS• The OS is the system that operates the machines
• Provides abstractions for developers
• For example, system calls
• read() works on hard drives and flash drives both
• Provides abstractions for users
• For example, the file system
• That's how 80% of users perceive "the computer"
The Filesystem• Storage device (hard drive, flash drive, etc.) – a block of contiguous bytes
• Filesystem (ex4, ntfs, etc.) – a structuring of these bytes
• Usually a tree of entries with metadata (permissions, timestamps, etc.) and data (content)
• User Interface
• GUI – Graphical User Interface
• CLI – Command Line Interface
010011100100100110100111110010000001010011011011101100011010
010011100100100110100111110010000001010011011011101100010010
/
bin dev etc home usrtmp
foo bar
GUI• Desktop
• User clicks on icons
• Directories open in windows
• Files open in editors/viewers
• The desktop is just a directory!
CLI• Terminal
• User types in a command, a result is printed, and so on
• Each entry is defined by a path
• Absolute path – start at the root directory (/home/student/desktop/directory/file.txt)
• Relative path – starts at the current directory (desktop/directory/file.txt)
• . – current directory
• .. – parent directory
• We start at the user's home directory (/home/<username>)
Common Commands• pwd – print working (current) directory
• cd – change directory
• ls – list directory
• cat – read file (sort of)
• echo– write file (sort of)
The Anatomy of a Command• <command> [arg] [arg] [...] <enter>
• commands runs
• reads from stdin
• writes to stdout and stderr (by default, both are the terminal)
• command terminates with some status (0 is good – others are not)
int main(int argc, char* argv[]){
int x;scanf ("%d", &x);printf("%d\n", x);return 0;
}
arguments
stdin
stdout
status
Redirection• < redirects stdin
• > redirects stdout
• >> appends
• 2> redirects stderr
• 2>> appends
• 2>&1 redirects stderr to stdout
• > /dev/null 2>&1
The CAT Example• cat foo
• cat foo bar
• cat
• cat -
• cat foo - bar
• cat foo < bar
• cat foo - < bar
• cat foo bar > foobar
• cat foo - < bar > foobar 2> /dev/null
Pipes• Unix utilities tend to have consistent design
• If there are no arguments, work on stdin
• If there are argument, work on them (and consider "–" as stdin)
• | left's stdout is right's stdin
• cat file.txt | sort | uniq
• cat file.txt | echo > copy.txt
• cat file.txt | cat > copy.txt
• cat file.txt > copy.txt
• cp file.txt copy.txt
Filesystem Commands• mv – move (also used to rename files)
• cp – copy (cp –r to copy directory recursively)
• rm – delete (rm –r to remove directory recursively)
• mkdir – create empty directory
• rmdir – delete empty directory
• ls -l
type
permissions owner group size mtime name
Filesystem Permissions• 3 actions – r (read), w (write), and x (execute)
• 3 entities – u (user/owner), g (group), and o (other)
• 3 x 3 permutations = 3 octal digits
• chmod 755 <file>
• chmod 644 <file>
• chmod u+x,g-w,o=r <file>
Filesystem Permissions• Files
• r – view content
• w – edit content
• x – use content = run content as code
• Directory – content = names to entries
• r – view content = view names
• w – edit content = edit names
• x – use content = resolve ("dereference") names
File metadata
FOO!
Directory metadata
foobar
File metadata
BAR!
Everything is a File• (Almost) everything in Unix can be opened, read, written, and closed
• Files
• Directories
• Special files – /dev/null, /dev/zero, /dev/urandom
• Devices – "/dev/mouse", "/dev/keyboard", "/dev/screen", "/dev/sound"
a.out: command not found• What is a command?
• 99% of commands are programs in standard directories
• See the PATH environment variable and the which command
• When you create an executable program, it still isn't a command – i.e., you can't run it as a command
• Put it somewhere on PATH (requires root privileges)
• Add its directory to PATH (affects only this user)
• Run it as a program, not a command – i.e., specify its path
• /bin/ls
• ./a.out
</easy>
Code is Data• Once...
• Computers stored data
• Computers had to be configured / rewired
• Then along came von Neumann...
• And said code can be stored as data
• Machine code – B8 01 01 00 00 00
• Assembly mnemonics – MOV EAX, 1
• High-level language: C – x = 1
• ... And Python
Compilation• gcc a.c, right?
• gcc –E a.c # preprocessing
• gcc –S a.c # compilation
• gcc –c a.s # assembly
• gcc a.o # static linking
• ./a.out # dynamic linking + execution
Preprocessing• #define <macro> <value>
• Substitues all the macros with their values
• #include <file>
• Pastes in the file content
• OK...
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
Compilation• Syntactic Analysis
• Make sure the language is valid C
• Semantic Analysis
• Make sure the program makes sense
• OK...
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
Assembly• Almost one-to-one mapping
• OK... So are we done?
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
Multiple Files• Use #include!
• Problems:
• Time – main > libc (prinf) > linux (write) > drivers
• Money – what if not everything is open source?..
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
#include "bar.c"#include "foo.c"
#include "foo.c"#include "bar.c"
#include <stdio.h>
int main(){
printf("%d\n", bar());return 0;
}
main.cint bar(){
return foo();}
bar.c int foo(){
return 1;}
foo.c
So Linking• #include headers with interfaces, not implementation
• This allows compilation (namely, semantic analysis) – but not execution
• "Placeholders": E8 00 00 00 00 (more on this later...)
• Link everything together: gcc main.o bar.o foo.o libc.o
• Static Linker / Link Editor
• Archives – libfoo.a (or libc.a)
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
#include <stdio.h>#include "bar.h"
int main(){
printf("%d\n", bar());return 0;
}
main.c int bar(); bar.h
#include "foo.h"
int bar(){
return foo();}
bar.c int foo(); foo.h
int foo(){
return 1;}
foo.c
NOW we are done, right?• Problem: storage
• libc is statically linked into basically every binary on Earth
• And it's always present! Why duplicate it?
• So now even executables contain "placeholders"
• Dynamic Linker / Loader
• SOs (Shared Objects) – libfoo.so (or libc.so)
• a.out contains an indication it needs to be dynamically linked with libc.so
• If it's not present on the system – no game
• Actually, since it's read-only, it can even be shared in memory...
• But let's not go there
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
Recap
Human Readable Recap
#include <stdio.h>#include "foo.h"
int main(){
printf("%d\n", foo());return 0;
}
int printf(const char* format, ...);int foo();;
int main(){
printf("%d\n", foo());return 0;
}
_FORMAT: .string "%d\n"CALL fooPUSH EAXPUSH _FORMATCALL printfADD ESP, 8PUSH 0CALL exit
25 64 0a 00E8 ?? ?? ?? ??5050E8 ?? ?? ?? ??83 c4 086a 00E8 ?? ?? ?? ??
25 64 0a 00E8 80 48 ca fe5050E8 ?? ?? ?? ??83 c4 086a 00E8 ?? ?? ?? ??
... # foo.o
25 64 0a 00E8 80 48 ca fe5050E8 80 48 12 3483 c4 086a 00E8 80 48 de ad
libc.so
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
ELF• Executable and Linkable Format
• Divided into sections / segments
• Some contain code
• Some contain data
• Some contain relocation information
• .o files (object files) are ELFs
• executable files and shared objects are also ELFs, but with less relocations
• Old link editors / dynamic linkers "patched" the code – remember the aforementioned "placeholders"?
• Quite difficult
• There are lots of standard library functions to patch... And dynamic loading takes startup time
"All problems in computer science can be
solved by another level of indirection."
- David Wheeler
GOT/PLT• A table of "placeholders"
• Much easier to patch
• One entry per unresolved name
• Global Offset Table – for data
• Procedure Linkage Table – for functions
• Gross oversimplification, but we're out of time
GOT/PLT80481234 ?? ?? ?? ??8048cafe ?? ?? ?? ??8048dead ?? ?? ?? ??
Human Readable Recap
#include <stdio.h>#include "foo.h"
int main(){
printf("%d\n", foo());return 0;
}
int printf(const char* format, ...);int foo();;
int main(){
printf("%d\n", foo());return 0;
}
_FORMAT: .string "%d\n"CALL fooPUSH EAXPUSH _FORMATCALL printfADD ESP, 8PUSH 0CALL exit
25 64 0a 00E8 80 48 ca fe5050E8 80 48 12 3483 c4 086a 00E8 80 48 de ad
25 64 0a 00E8 80 48 ca fe5050E8 80 48 12 3483 c4 086a 00E8 80 48 de ad
foo.o
25 64 0a 00E8 80 48 ca fe5050E8 80 48 12 3483 c4 086a 00E8 80 48 de ad
GOT/PLT80481234 a0 00 12 348048cafe ?? ?? ?? ??8048dead ?? ?? ?? ?? libc.so
gcc –E a.c
gcc –S a.c
gcc –c a.s
gcc a.o
./a.out
GOT/PLT80481234 a0 0 12 348048cafe af ff ca fe8048dead af ff de ad
ADDENDUMGDB
GDB• GNU Debugger
• Much nicer if you compile with debugging symbols (-g)
• Runs the executable "on a leash"
• Breakpoints – "run until you reach some line / function / address and stop there"
• Access, and even change, variables, registers, memory and whatnot
• View the executing source code, or opcodes, and slowly step on / in
• As well as other utterly and completely amazing stuff
• Stop when some memory location is changed, or even just accessed (!)
• Rewind the execution (!!!)
GDB