HP Host Intrusion Detection System (HIDS) manual Programming Guidelines, 190

Models: Host Intrusion Detection System (HIDS)


Automated Response

Programming Guidelines


Writing Perl vs. Shell Response Scripts

Perl itself is not privileged, but, when a Perl script is run by a privileged user (as it often is), care must be taken to make sure that the script is secure.

It is far easier to write an insecure script in Perl than in a shell (POSIX, Korn, C, etc.). This is similar to the problems with using the str*() functions: the functions themselves have no security issues when properly used; however, in practice, their usage is almost always insecure, and it is better to avoid them altogether. Perl, similarly, makes it very easy to write bad scripts when compared to programming using a shell.

As an example of Perl’s problems, consider the Perl statement “open INPUT, $FILE” when $FILE is input from the user that could contain ill-formed data such as “>/etc/passwd”. A reader of the code could assume that $FILE is being opened for read, whereas the statement would open “/etc/passwd” for write (and, hence, truncate the file), because Perl takes the leading “>” as the open mode.
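The behavior described above, shown side by side with the three-argument form of open, as an added example that is not part of the HP manual. The scratch file, the sample input and the sub names are constructed for illustration; nothing outside a temporary directory is touched.

```perl
#!/usr/bin/perl
# Added example: two-argument vs. three-argument open() on untrusted input.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed setup: a scratch file stands in for a sensitive file.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/important.txt";

sub reset_target {
    open(my $fh, '>', $target) or die "cannot create $target: $!";
    print {$fh} "do not lose this\n";
    close($fh) or die "cannot close $target: $!";
}

# Constructed "user input": a leading '>' in front of the path.
my $FILE = ">$target";

# Risky form from the text: the mode is parsed out of the string itself.
sub open_two_arg {
    my ($name) = @_;
    open(my $in, $name) or return "failed: $!";
    close($in);
    return "succeeded";
}

# Hardened form: the mode is a separate argument, so $name is only a path.
sub open_three_arg {
    my ($name) = @_;
    open(my $in, '<', $name) or return "failed: $!";
    close($in);
    return "succeeded";
}

sub size_of { return (-s $_[0]) || 0 }

reset_target();
my $two = open_two_arg($FILE);      # opens the target for write, truncating it
printf "two-arg open %s, file is now %d bytes\n", $two, size_of($target);

reset_target();
my $three = open_three_arg($FILE);  # looks for a path literally starting with '>'
printf "three-arg open %s, file is still %d bytes\n", $three, size_of($target);
```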

The “taint check” option of Perl, “perl -T”, is a substitute for a shell in most cases.

Use a current version of Perl. Older versions have some known vulnerabilities.

Perl References

These references may be helpful:

perlsec (1) in /opt/perl/man in the HP-UX distribution.

http://www.perldoc.com/perl5.6/pod/perlsec.html, the web version of the manpage.

http://security-archive.merton.ox.ac.uk/bugtraq-200002/0114.html, an e-mail archive thread

Writing Privileged Response Programs

Solution A

Write the response program as a single, unprivileged C executable program, or as a single, unprivileged shell script, that processes the alert string and invokes one or more privileged setuid C executables to perform operations that require privilege. See “Solution A” on page 191.

The unprivileged C executable program or shell script should sanitize and set up the environment before invoking privileged programs, so that no dangerous data that might adversely affect their behavior is passed into the privileged programs. This solution enforces a clear separation of privilege by processing the text of the alert string with no privileges and calling out to privileged programs to perform privileged operations.

Solution B

Write the entire response program as a single, privileged setuid C executable program that both processes the alert string and performs privileged operations.


Appendix B
