9 Security
9.1 Basic philosophy of security
Basically, fml is organized as follows:
1 By default, nothing is permitted.
2 Only what is considered safe is let through.
3 Anything suspicious is rejected and the decision is left to the ML administrator.
9.2 Security Check Routine
As with firewalls, there are conceptually two ways of thinking about this:
1 Remove whatever is clearly dangerous.
2 Permit what is safe and reject everything else.
1 deny all, permit secure conditions
2 permit all, deny known insecure conditions.
fml adopts policy 1. As also stated in fml-support: 00950,
1.x fills in from the outer moat (function InSecureP)
2.y fills in from the inner moat (function SecureP)
is how I put it (^^). It is no exaggeration to say that the relationship between 1.x and 2.y is exactly the difference between 1 and 2 above.
SecureP restricts the form of the directives accepted as commands (each check is applied to the whole line of the mail), as described below.
As an exception case, there is the question of what to do about
whois <Japanese text>
For now the configuration remains "do not let it through". This is something that should be dealt with, but there is no good solution.
Example: extending the permitted patterns (using %SECURE_REGEXP)
$SECURE_REGEXP{'whois'} = '\s*whois\s+\033\$[\@B][\041-\176]+\033\([BJ]\s*';
# Note:
# This pattern is matched against the entire target string, so if
# trailing spaces and the like can occur, they must be accounted for too.
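To illustrate the deny-by-default check that SecureP performs and the trailing-whitespace caveat above, here is an added example that is not fml's own code: a hypothetical secure_p function with a small pattern table modelled on %SECURE_REGEXP (the whois entry is the ISO-2022-JP pattern shown above; the other entries and the sample lines are constructed).

```perl
#!/usr/bin/perl
# Added illustration of a SecureP-style check (not fml's own code).
# Every command line is matched, as a whole, against the permitted
# pattern for its command; a line that matches nothing is denied, so
# shell meta-characters never reach system().
use strict;
use warnings;

# Hypothetical permitted forms keyed by command name, modelled on
# %SECURE_REGEXP. The whois entry accepts an ISO-2022-JP argument
# (ESC $ @ or ESC $ B ... ESC ( B or ESC ( J).
my %SECURE_REGEXP = (
    'help'      => '\s*help\s*',
    'subscribe' => '\s*subscribe\s+[A-Za-z0-9_.-]+\@[A-Za-z0-9.-]+\s*',
    'whois'     => '\s*whois\s+\033\$[\@B][\041-\176]+\033\([BJ]\s*',
);

# Return the command name if $line is permitted, nothing otherwise.
sub secure_p {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;
    my ($cmd) = $line =~ /\A\s*(\S+)/;
    return unless defined $cmd && exists $SECURE_REGEXP{ lc $cmd };
    my $pat = $SECURE_REGEXP{ lc $cmd };
    # Anchor to the whole line (\A ... \z): a partial match would let
    # trailing text such as "; rm -rf /" slip past the check, and a
    # pattern without a trailing \s* would reject "help  ".
    return $line =~ /\A(?:$pat)\z/ ? lc $cmd : ();
}

# Constructed sample lines: a whois with the JIS bytes for "日本"
# (ESC $ B F|K\ ESC ( B), a subscribe with trailing spaces, and
# three lines that must be denied.
my @lines = (
    "help",
    "subscribe user\@example.org  ",
    "whois \033\$B\x46\x7c\x4b\x5c\033(B",
    "help; mail someone\@example.org < /etc/passwd",
    "whois \$(id)",
    "unknown-command foo",
);
for my $l (@lines) {
    my $ok = secure_p($l);
    printf "%-6s %s\n", ($ok ? "PERMIT" : "DENY"), $l;
}
```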
[Supplement] Syntax of permitted commands
This is related to the shell.
Quoted from 4.4BSD:/usr/share/man/cat1/sh.0
Shell Patterns
A pattern consists of normal characters, which match themselves,
and meta-characters. The meta-characters are ``!'', ``*'', ``?'',
and ``[''. These characters lose their special meanings if they
are quoted. When command or variable substitution is performed
and the dollar sign or back quotes are not double quoted, the
value of the variable or the output of the command is scanned
for these characters and they are turned into meta-characters.
An asterisk (``*'') matches any string of characters. A question
mark matches any single character. A left bracket (``['')
introduces a character class. The end of the character class is
indicated by a ``]''; if the ``]'' is missing then the ``[''
matches a ``['' rather than introducing a character class. A
character class matches any of the characters between the square
brackets. A range of characters may be specified using a minus
sign. The character class may be complemented by making an
exclamation point the first character of the character class.
To include a ``]'' in a character class, make it the first
character listed (after the ``!'', if any). To include a minus
sign, make it the first or last character listed.
NOTE: 1998/11/08 permit "admin add MAR+KUN@DOMAIN " syntax
+'ed user <addr+ext@domain> (for sendmail users):
fixed to permit this address syntax in automagic registration,
but not yet fixed to permit commands with this address cleanly.
# so a more elaborate design is required
Fixed to handle the address scheme of +'d users.
9.3 DNS Spoofing
Nothing is done by default, but when $LOG_CONNECTION is on, i.e.
$LOG_CONNECTION = 1;
the IP address of the peer that opened the connection is stored in $PeerAddr.
This is meaningless when the connection comes through a firewall, but otherwise the peer host's IP address is kept in the variable $PeerAddr. A DNS spoofing check can be hooked in using $PeerAddr.
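As an added example, not fml's own code, of a check that could be hooked on $PeerAddr: the peer address is resolved to its reverse name and that name is resolved forward again, and the check passes only if the original address comes back. The resolver functions are passed in, so the sample runs offline against a constructed table; the real-DNS versions built on gethostbyaddr/gethostbyname are shown but not invoked.

```perl
#!/usr/bin/perl
# Added example (not fml's own code): forward-confirmed reverse DNS
# check for the peer address fml stores in $PeerAddr.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa AF_INET);

# Returns 1 when the PTR name of $peer_addr resolves back to
# $peer_addr, 0 otherwise (a missing PTR counts as unverified).
sub dns_consistent_p {
    my ($peer_addr, $reverse, $forward) = @_;
    my $name = $reverse->($peer_addr);
    return 0 unless defined $name && length $name;
    my @addrs = $forward->($name);
    return (grep { $_ eq $peer_addr } @addrs) ? 1 : 0;
}

# Real-DNS resolvers (defined but not used below, to stay offline).
my $dns_reverse = sub {
    return scalar gethostbyaddr(inet_aton($_[0]), AF_INET);
};
my $dns_forward = sub {
    my @r = gethostbyname($_[0]);   # (name, aliases, type, len, addrs...)
    return @r ? map { inet_ntoa($_) } @r[4 .. $#r] : ();
};

# Constructed tables standing in for DNS: 192.0.2.66 claims a PTR of
# mail.example.org, but that name only resolves to 192.0.2.10.
my %ptr  = ('192.0.2.10' => 'mail.example.org',
            '192.0.2.66' => 'mail.example.org');
my %addr = ('mail.example.org' => ['192.0.2.10']);
my $fake_reverse = sub { $ptr{ $_[0] } };
my $fake_forward = sub { @{ $addr{ $_[0] } || [] } };

for my $PeerAddr ('192.0.2.10', '192.0.2.66', '198.51.100.1') {
    printf "%-14s %s\n", $PeerAddr,
        dns_consistent_p($PeerAddr, $fake_reverse, $fake_forward)
            ? "reverse DNS consistent"
            : "reverse DNS mismatch: log it, or reject the connection";
}
```

In a real hook, pass $dns_reverse and $dns_forward instead of the constructed tables.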
9.4 Address Spoofing
This is beyond fml. It has to be handled at a lower layer.
9.5 SYN Flooding
This too is a kernel-level matter. A fundamental countermeasure is difficult.
9.6 Representation of email addresses and RFC822
9.7 smrsh.c
smrsh.c does not look at what the program in
"|program ..."
actually executes; it only checks whether a program of that name exists in /usr/adm/sm.bin (using access(2)).
Hence it is /usr/adm/sm.bin/fml.pl :-)
9.8 access(2)
smrsh.c uses access(2), but... ugh.
--- NetBSD 1.2REL /usr/share/man/cat2/access.0
CAVEAT
Access() is a potential security hole and should never be used.
4th Berkeley Distribution September 15, 1996 2
--- perl5.003/perl.c
/* On this access check to make sure the directories are readable,
* there is actually a small window that the user could use to make
* filename point to an accessible directory. So there is a faint
* chance that someone could execute a setuid script down in a
* non-accessible directory. I don't know what to do about that.
* But I don't think it's too important. The manual lies when
* it says access() is useful in setuid programs.
*/
9.9 Precedence Priority
sendmail 8.8.5 operations manual tells:
5.7. P -- Precedence Definitions
Values for the "Precedence:" field may be defined
using the P control line. The syntax of this field
is:
Pname==num
When the name is found in a "Precedence:" field, the
message class is set to num. Higher numbers mean
higher precedence. Numbers less than zero have the
special property that if an error occurs during
processing the body of the message will not be returned;
this is expected to be used for "bulk" mail such as
through mailing lists. The default precedence is
zero. For example, our list of precedences is:
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
People writing mailing list exploders are encouraged
to use "Precedence: list". Older versions of sendmail
(which discarded all error returns for negative
precedences) didn't recognize this name, giving it a
default precedence of zero. This allows list
maintainers to see error returns on both old and new
versions of sendmail.
9.10 4.4BSD vacation
No message will be sent unless login (or an alias supplied using the -a
option) is part of either the ``To:'' or ``Cc:'' headers of the mail. No
messages from ``???-REQUEST'', ``Postmaster'', ``UUCP'', ``MAILER'', or
``MAILER-DAEMON'' will be replied to (where these strings are case
insensitive) nor is a notification sent if a ``Precedence: bulk'' or
``Precedence: junk'' line is included in the mail headers. The people
who have sent you messages are maintained as a db(3) database in the file
.vacation.db in your home directory.
9.11 File and Directory Permission Default
umask(2) default is customizable.
$FML_UMASK for fml.pl
$MSEND_UMASK for msend.pl
$UMASK is used if neither $FML_UMASK nor $MSEND_UMASK is defined.
9.12 Directory Permissions
When several people use fml together with fmlserv, fmlserv needs group permission in order to rewrite the member list and so on.
# It should also be possible without this by creating a root process for the purpose,
# but we do not want to add more root processes.
The variable
$USE_FML_WITH_FMLSERV
is an internal variable that indicates this; normally fml.pl sets it automatically if a directory named fmlserv exists next to $DIR. If that does not work, set it explicitly. $GID is also a variable introduced for fmlserv.
9.13 On the check_* rulesets in sendmail 8.8
9.14 SMTP and Authentication
draft-myers-smtp-auth-11.txt (submitted to be Proposed Standard)
RFC2222 (SASL)
SASL: Simple Authentication and Security Layer
draft-hoffman-smtp-ssl-06.txt (SMTP over secured layer)
9.15 &system() function
For system, fml uses its own independently written system rather than perl's built-in function. When it does not work for some reason, or on systems such as NT that have no fork(), perl's built-in system() may have to be used instead. By default perl's built-in system() is not used.
If commands do not work properly, setting the variable
$INSECURE_SYSTEM = 1; (default 0)
may make them work.
Note that on NT system() is used.
In either case a syntax check is performed beforehand, and only then is system called.