Security Classifications

From FedoraProject

Revision as of 14:39, 26 March 2013 by Sparks (Talk | contribs)

Jump to: navigation, search

Contents

Security Issue Definitions

A security issue is a class of bugs which can allow an attacker to deny the user computing resources, or possibly execute arbitrary code on the user's machine. Security issues pose significant risk to users since they can be used by viruses and worms to spread between computers. Security issues can be broken down into two basic types: denial of service (DoS), and arbitrary code execution.

Denial of Service

A denial of service issue is one which can deny computing resources to the user. An issue such as this will cause the program in question to crash, consume a great deal of memory, disk space, or CPU time. Many programs contain various bugs which can cause them to crash on occasion; some of them are not considered denial of service issues since the crashes can be impossible to reproduce in a consistent manner. A denial of service issue is one that can be reliably reproduced, and can be used by an attacker to purposely crash a running program.

Denial of service examples

  • Specially crafted email message which crashes a client
  • Specially crafted network data which crashes a daemon
  • Specially crafted HTML which crashes a browser
  • Certain actions which can allow a normal user to crash the computer

Things that would not be denial of service issues

  • Crashing a text editor by doing a very complex user input operation
  • Crashing an application by repeatedly clicking the same button
  • Crashing the computer by doing and action which already requires physical access (ie. insert a specially crafted CD)
  • This is often questioned, but ask yourself if it is easier to create a malicous CD, or push the power button.

Arbitrary Code Execution

Arbitrary code execution security issues are often considered much more dangerous than denial of service issues. It is possible for an arbitrary code execution issue to allow a malicious user to gain control of a computer, or allow the propagation of a virus or worm. During the normal execution of a program, there is an understood and expected flow of execution. It is possible for specially crafted input to a program to alter this flow of execution and run code of an attacker's choice.

Remote code execution

Any time a computer is connected to a network, the potential exists for a remote attacker to leverage an arbitrary code execution issue remotely. This means that the attacker does not have to be near, or logged into the computer that is being attacked. An example of this behavior would be one of the various worms which have infected countless computers connected to the Internet. Remote code execution issues are also often leveraged by crackers in order to gain unauthorized access to a computer system.

Local code execution

A local code execution issue is one which can either allow an attacker to run code as the user executing a specific command, or leveraged on an SUID program to elevate privileges.

Often there are issues found in various commands which could cause arbitrary command execution, but would require the user to execute a specific command. These sort of bugs are not considered security issues since it would only allow a local user to run arbitrary code as themselves, which accomplishes nothing.

If a certain local command has permissions set which causes it to execute with elevated privileges, it can be possible for a user to execute a specially crafted command which will allow them to run code with elevated privileges, possibly even root.


Notes

See Security Bugs for information on how to properly file a security bug.