Questions tagged [unix]

Unix is a family of multiuser, multitasking operating systems that are widely used in workstations, servers and embedded devices. The best-known Unix variant is Linux.

Unix is a family of multiuser, multitasking operating systems found on many servers, workstations, network equipment and other embedded devices. Unix variants include , , , , and more. Use the tag for questions that are about Unix-like systems in general; if your question is about a specific operating system (Linux, OpenBSD, …), use the tag for that system. For functional questions (“How do I use this tool which is not specifically a security tool?”), try asking on our sister site Unix & Linux.

In the core Unix security model, roles are described in terms of users (who are typically either physical users or system services) and groups. The permissions of an application are those of the user executing it. Some programs run with elevated privileges through the setuid/setgid mechanism.

Resources such as data files, programs and devices are accessed through files. In the traditional Unix model, each file has an owner and group, and the owner, group and others are granted separate permissions (read/write/execute). Many modern Unix systems provide access control lists and other extensions to the basic model.

151 questions
193 votes, 7 answers

How can I protect myself from this kind of clipboard abuse?

Clipboard abuse from websites: Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is mostly used for advertising purposes, but PoC for…
sam hocevar
97 votes, 7 answers

How does hacking work?

I am specifically talking about web servers, running Unix. I have always been curious of how hackers get the entry point. I mean I don't see how a hacker can hack into the webpage when the only entry method they have into the server is a URL. I must…
user7360
62 votes, 6 answers

Unix execute permission can be easily bypassed. Is it superfluous, or what's the intention behind it?

The Unix read permission is actually the same as the execute permission, so if e.g. one process has write access it's also able to execute the same file. This can be done pretty easily: First this process has to load the content of the file, which…
Martin Erhardt
52 votes, 6 answers

Why does one need a strong password on Unix?

SSH Server: I only allow public-key authentication. Malicious Software: If it's running as my user it has access to my data and an internet connection, it's bad enough already. Yes, su access would make it worse, but the issue here is not password…
Alex
47 votes, 2 answers

Is mosh now recommended by the security experts? (2014)

Mosh has been around for a while now. Although it's claimed to be "a replacement for SSH" by its authors, mosh does actually depend on ssh to do the initial authentication, after which an instance of the mosh binary is started on the server, the…
cnst
43 votes, 4 answers

Is passing sensitive data through the process environment secure?

Recently, I have been looking for the possibility to pass sensitive information from one process to another (at process startup time) without passing it through the command line or without using a filesystem entry. This is on Linux but the question…
David Tonhofer
29 votes, 5 answers

Why should one use sudo?

Most modern Linux articles advise using sudo rather than logging into root. This advice is so ingrained, some distros don't automatically allow root login. Indeed they come pre-configured with sudo using the user's password to run arbitrary commands…
Charles Shiller
23 votes, 3 answers

How to view all SSH authorized_keys for a unix server

How would I view all the authorised SSH clients from a unix server? I know that cat ~/.ssh/authorized_keys shows authorised keys if logged in from root. Can other users set their own authorised keys too? In which case, how would I view all system…
user2761030
21 votes, 5 answers

Is it possible for a file that is non-executable and read-only to run malicious code?

On a POSIX system, is there a possibility for a file which is non-executable and read-only (aka with a mode 444) to run malicious code on a machine? If so, can you explain how it would do so?
Idr
18 votes, 3 answers

How do I ensure data encryption on Samba transmission on *NIX systems?

I have a heterogeneous system (both MS and *nix) that communicates with CIFS/SMB. How can I ensure proper data encryption at the application layer?
dalimama
17 votes, 2 answers

Where is my password stored on Linux?

Is there a specific location where the passwords are stored? Does it depend on which version is used? Are they salted?
Vladimir Leiv
15 votes, 1 answer

Linux /etc/shadow password change security

I wonder what happens when I am changing my password on a Linux system. Basically all passwords are stored in a file called /etc/shadow or /etc/master.passwd in BSD-like systems as I do remember. Both of them are owned by root/wheel…
PaulOverflow
15 votes, 7 answers

UNIX Servers: Possible intrusions or attacks that do not use any of the open listen sockets

What type of attacks are there that do not use open TCP or open UDP ports? Is it safe to assume that no open ports means no remote access? (Excluding the possibility that there is a badware already on the machine that makes outgoing connections to…
700 Software
15 votes, 4 answers

Finding environment variables with gdb, to exploit a buffer overflow

I have to exploit a very simple buffer overflow in a vulnerable C++ program for an assignment and I am not able to find the environment variable SHELL. I have never worked with BoF before, and after reading lots of similar questions, posts,…
Palantir
14 votes, 4 answers

OpenBSD vs. NetBSD security

If I search for the two words: OpenBSD and NetBSD on http://www.exploit-db.com/ then I get 17 hits regarding security bugs on OpenBSD, and 8 hits regarding security bugs on NetBSD. So what are the differences exactly, and how do NetBSD and OpenBSD…
LanceBaynes