An unfortunate side effect of UNIX's popularity is that there are many different versions of UNIX; today, nearly every computer manufacturer has its own. Until recently, only UNIX operating systems sold by AT&T could be called "UNIX" because of licensing restrictions. Other manufacturers adopted names such as SunOS (Sun Microsystems), Solaris (also Sun Microsystems), Xenix (Microsoft), HP-UX (Hewlett-Packard), A/UX (Apple), Dynix (Sequent), OSF/1 (Open Software Foundation), Linux (Linus Torvalds), Ultrix (Digital Equipment Corporation), and AIX (IBM), to name a few. Practically every supplier of a UNIX or UNIX-like operating system made its own changes to the operating system. Some of these changes were small, while others were significant. Some of these changes have dramatic security implications, and unfortunately, many of these implications are usually not evident. Not every vendor considers the security implications of their changes before making them.
When we wrote the first edition of this book, there were two main families of UNIX: AT&T System V, and Berkeley's BSD. There were also some minor variations, including AT&T System III, Xenix, System 8, and a few others. For many years, there was a sharp division between System V and BSD systems. System V was largely favored by industry and government because of its status as a well-supported, "official" version of UNIX. BSD, meanwhile, was largely favored by academic sites and developers because of its flexibility, scope, and additional features.
As we describe in Chapter 1, the two main families of UNIX reunited several years ago in the form of System V Release 4 (usually referred to as V.4 or SVR4). Many of the better features of BSD 4.3 UNIX were built into SVR4, resulting in a system that combines many of the best features of both systems (as well as a few of the worst, unfortunately). This now represents the dominant basis for most modern versions of UNIX, with the notable exception of the "free" versions of UNIX: BSD 4.4, FreeBSD, and Linux.
This book covers UNIX security as it relates to common versions of UNIX. Specifically, we have attempted to present the material here as it pertains to SVR4 and then note differences with respect to other versions. Because of our long-standing experience with (and fondness for) the BSD-derived versions of UNIX, we will often refer to feature differences in terms of "BSD-derived features" and "AT&T-derived features," even though SVR4 may be thought of as having both. When you encounter these terms, think of "BSD-derived" as meaning BSD systems, Ultrix, SunOS 3.X and 4.X, Solaris 2.x, and SVR4. When you encounter the term "AT&T-derived," think of System V Release 3, Solaris 2.x, and, to some extent, AIX and HP-UX.
Particular details in this book concerning specific UNIX commands, options, and side effects are based upon the authors' experience with AT&T System V Release 3.2 and 4.0, Berkeley UNIX Release 4.3 and 4.4, NEXTSTEP, Digital UNIX (the new name for OSF/1), SunOS 4.0 and 4.1, Solaris 2.3 and 2.4, and Ultrix 4.0. We've also had the benefit of our technical reviewers' long experience with other systems, such as AIX, HP-UX, and Linux. As these systems are representative of the majority of UNIX machines in use, it is likely that these descriptions will suffice for most machines to which the reader will have access.
NOTE: Throughout this book, we generally refer to System V Release 4 as SVR4. When we refer to SunOS without a version number, assume that we are referring to SunOS 4.1.x. When we refer to Solaris without a version number, assume that we are referring to Solaris 2.x.
Many UNIX vendors have modified the basic behavior of some of their system commands, and there are dozens upon dozens of UNIX vendors. As a result, we don't attempt to describe every specific feature offered in every version issued by every manufacturer; that would only make the book longer, as well as more difficult to read. It would also make this book inaccurate, as some vendors change their systems frequently. Furthermore, we are reluctant to describe special-case features on systems we have not been able to test thoroughly ourselves. Whether you're a system administrator or an ordinary user, it's vital that you read the reference pages of your own particular UNIX system to understand the differences between what is presented in this volume and the actual syntax of the commands that you're using. This is especially true in situations in which you're depending upon the specific output or behavior of a program to verify or enhance the security of your system.
NOTE: By writing this book, we hope to provide information that will help users and system administrators improve the security of their systems. We have tried to ensure the accuracy and completeness of everything within this book. However, as we noted previously, we can't be sure that we have covered everything, and we can't know about all the quirks and modifications made to every version and installation of UNIX-derived systems. There are so many versions, furthermore, that sometimes it is easy to get similar but different versions confused. Thus, we can't promise that your system security will never be compromised if you follow all our advice, but we can feel sure in promising that attacks will be less likely. We encourage readers to tell us of significant differences between their own experiences and the examples presented in this book; those differences may be noted in future editions.
Over time, several vendors have developed "secure" versions of UNIX, often known as "trusted UNIX." These systems embody mechanisms, enhancements, and restraints described in various government standards documents. These enhanced versions of UNIX are designed to work in Multi-Level Security (MLS) and Compartmented-Mode Workstation (CMW) environments, where there are severe constraints designed to prevent the mixing of data and code with different security classifications, such as Secret and Top-Secret. Trusted Xenix and System V/MLS are two of the better-known instances of trusted UNIX.
Secure UNIX systems generally have extra features added to them including access control lists, data labeling, and enhanced auditing. They also remove some traditional features of UNIX such as the superuser's special access privileges, and access to some device files. Despite these changes, the systems still bear a resemblance to standard UNIX.
These systems are not in widespread use outside of selected government agencies. It seems doubtful to us that they will ever enjoy widely popular acceptance because many of the features only make sense within the context of a military security policy. On the other hand, some of these enhancements are useful in the commercial environment as well, and C2 security features are already common in many modern versions of UNIX.
Today trusted UNIX systems are often more difficult to use in a wide variety of environments, more difficult to port programs to, and more expensive to obtain and maintain. Thus, we haven't bothered to describe the quirks and special features of these systems in this book. If you have such a system, we recommend that you read the vendor documentation carefully and repeatedly. If these systems become more commonly accepted, we'll describe them in a future edition.