PAM and Operating Systems Concepts Quiz
61 Questions

Questions and Answers

What is the primary vulnerability associated with the 'pass the hash' attack?

The primary vulnerability is that an attacker only needs to obtain the password hash, rendering the security of hashing ineffective.

Why is Kerberos preferred over NTLM in larger Windows networks?

Kerberos is preferred because it provides a more secure authentication mechanism compared to NTLM, which is older and has known vulnerabilities.

How did the development of PAM in 1995 change user authentication management?

PAM centralized user authentication management, allowing various programs to utilize a common authentication library instead of handling it independently.

List one significant function of the 'auth' activity in PAM.

The 'auth' activity in PAM is responsible for verifying user credentials, typically through passwords or other authentication methods like tokens or fingerprints.

What role does the 'account' activity play in PAM, following user authentication?

The 'account' activity decides whether an authenticated user is allowed to log in based on account permissions and conditions.

What is the primary function of PAM control flags in authentication?

PAM control flags determine the outcome of authentication modules, dictating whether to stop immediately, continue but report failure, or ignore results depending on the situation.

Explain the concept of protection rings in operating systems.

Protection rings are hierarchical levels of privilege in an operating system, where ring 0 has the highest privileges and interacts directly with hardware, while ring 3 has the least privileges and runs user applications.

How does a user process execute a system call in a protected operating environment?

A user process executes a system call by transitioning from user space (ring 3) to kernel space (ring 0) through a defined interface provided by the operating system.

What happens when a process attempts to execute a ring 0 instruction from ring 3?

The attempt results in a SIGILL (illegal instruction) signal, preventing execution due to insufficient privileges.

What would be the result of a PAM requisite module failing during authentication?

If a PAM requisite module fails, the authentication process immediately returns failure and halts further checks.

Define the role of system calls in the context of process management.

System calls serve as the interface for user processes to request services from the operating system, such as creating or terminating processes and managing memory.

What is the difference between sufficient and optional PAM control flags?

A sufficient flag indicates that if the module passes, authentication succeeds and further checks stop, while an optional flag means the result is ignored and does not affect authentication.

In the context of the operating system, what does user authentication involve?

User authentication involves verifying credentials, such as passwords, to determine if an entity is allowed access to a resource.

What two fundamental concepts are essential for access control in an operating system?

A protection system and a reference monitor.

How does a system implement Mandatory Access Control (MAC)?

By allowing only trusted administrators to modify the protection state via trusted software.

What characterizes a system that uses Discretionary Access Control (DAC)?

Users can modify the protection state at their discretion.

What does an access control matrix represent?

It represents an access control policy by showing what operations processes can perform on files.

What flexibility do Access Control Lists (ACLs) provide over traditional user/group models?

ACLs allow arbitrary permissions to be granted to specific users and groups.

What information is stored for each user in an operating system regarding groups?

User ID (uid), group ID (gid), and a groups list.

What are the three user IDs associated with each process?

Real user ID, Effective user ID, and Saved user ID.

What three types of permissions can be assigned to a file?

Read (r), write (w), and execute (x).

What is required to traverse a directory in a Linux file system?

Execute permission on the directory.

When a process wants to access a file, what is the first check that occurs?

The system checks the permissions associated with the file.

What is the purpose of the setuid bit in Linux?

The setuid bit allows users to run a program with the permissions of the program's owner, typically enabling access to privileged resources.

What distinguishes horizontal privilege escalation from vertical privilege escalation?

Horizontal privilege escalation refers to gaining privileges of another unprivileged user, while vertical escalation involves obtaining root or kernel privileges.

How does the fork() function affect UID inheritance in a new process?

The fork() function creates a new process where the child inherits the real, effective, and saved UIDs from the parent.

What is virtual memory and how does it enhance memory management?

Virtual memory allows processes to use virtual addresses which are mapped to physical addresses, enabling more efficient use of system memory.

What role does the Memory Management Unit (MMU) play in virtual memory?

The MMU performs the mapping of virtual addresses to physical addresses, facilitating the use of virtual memory.

What is a local root exploit?

A local root exploit is a vulnerability that allows an unprivileged user to gain root rights on a system.

Explain how setuid programs like 'su' and 'ping' use the setuid bit.

'su' allows users to switch to another user, typically root, while 'ping' requires elevated permissions to access raw network sockets.

Why is memory access control important in an operating system?

Memory access control is crucial for security, preventing one process from reading or writing to the memory of another process.

Describe the impact of context switches on the Translation Lookaside Buffer (TLB).

Context switches necessitate flushing the TLB to ensure that the correct memory address mappings are used for the new process.

What is the significance of PAM in user authentication for setuid programs?

PAM (Pluggable Authentication Module) provides a flexible framework for authenticating users before granting them elevated privileges through setuid programs.

What is the primary goal of a Trusted Computing Base (TCB) in Linux?

To protect user processes from each other and isolate the TCB from user processes.

How do loadable kernel modules benefit the Linux operating system?

They allow for modifications of the OS kernel at runtime without requiring a reboot.

Explain the significance of file descriptors in Unix systems.

File descriptors are integer indexes that map to a file descriptor table, allowing processes to reference files and devices.

What is the consequence of a child process inheriting open file descriptors?

It may lead to unauthorized I/O operations if sensitive descriptors are not closed before execution.

Describe the 'everything is a file' abstraction in Unix.

It refers to the representation of all resources, including devices and processes, as files in the file system.

What is a major advantage of a microkernel over a monolithic kernel regarding TCB size?

A microkernel has a smaller TCB, which reduces the potential attack surface for vulnerabilities.

How does access control (AC) function in a Unix system?

AC restricts access to resources based on permissions set for users and processes.

Name the system call used to close a file handle in Unix.

The system call is close().

What does the access() syscall check in Unix systems?

It checks a user’s access rights based on their real user ID.

What is the role of udev in the context of loadable kernel modules?

Udev automatically handles the loading of kernel modules.

Explain the tree hierarchy of directories in the Unix file system.

Files are logically organized in a hierarchical structure, resembling an inverted tree.

What type of support do kernel modules not have in Linux?

Kernel modules do not have floating-point support.

What is the purpose of the syscalls like open(), read(), and write() in Unix?

These syscalls allow user processes to interact with files and devices in a controlled manner.

What action is typically needed after modifying the OS kernel in traditional scenarios?

A reboot is typically required to apply the modifications.

Define the purpose of the init process in Linux.

The init process is responsible for starting user authentication and managing system services.

What is the main purpose of the No Write-Down policy in security levels?

It prevents a subject from writing to an object that has a lower security level, ensuring that sensitive information isn't leaked to less secure processes.

Explain the difference between strong tranquility and weak tranquility in security levels.

Strong tranquility means a process's security level never changes, while weak tranquility allows changes as long as they don't violate the security policy.

What is the significance of the Biba model in information integrity?

The Biba model is designed to protect the integrity of information by preventing subjects from reading/writing information at levels below or above their own.

Describe how Linux Security Modules (LSMs) handle access control.

LSMs utilize hooks to allow the kernel to support various security models, enforcing access control decisions on security-critical resources.

What is the primary function of a chroot jail?

A chroot jail confines a process to a specified directory, making the outside file system invisible to that process.

How does OS-level virtualization differ from traditional virtualization?

OS-level virtualization operates multiple isolated user-space instances sharing the kernel, whereas traditional virtualization mimics entire hardware environments.

What role do namespaces play in containerization?

Namespaces restrict a container’s visibility of global resources, providing process-level isolation within the system.

Define control groups (cgroups) in the context of Linux containers.

Cgroups limit and manage the resource usage of different groups of processes, ensuring fair allocation of system resources.

What are the key components within the Android application layer?

The key components include Activities, Services, Broadcast Receivers, and Content Providers.

Explain application isolation in the Android security framework.

Application isolation ensures that each app operates within its secure environment, preventing access to other apps' data.

What does paravirtualization require compared to full virtualization?

Paravirtualization requires modifications to the guest OS and drivers to replace nonvirtualizable instructions with hypercalls.

What are the potential security implications of using the setuid() function improperly?

Improper use of setuid() can allow unauthorized elevation of privileges, potentially enabling users to escape privilege restrictions.

How does the concept of hardware full virtualization address the limitations of software full virtualization?

Hardware full virtualization reduces the complexity of the Virtual Machine Monitor (VMM) by introducing a protection ring specifically for the hypervisor.

Study Notes

Authentication

  • Authentication is the process of verifying the identity of an entity.
  • To manage access to resources, the operating system (OS) needs to know who someone is.
  • Typical user authentication involves login procedures.
  • A shell is created and mapped to the logged-in user.
  • All programs run through the shell and are tied to the logged-in user.
  • Authentication failure scenarios include impersonation.

Authentication Methods

  • Authentication can be achieved through:
    • What you know: Passwords, challenge-response.
    • What you are: Biometrics (fingerprints, retina scans, voice recognition).
    • What you have: Tokens, smart cards.
  • Multi-factor authentication combines multiple methods (knowledge, possession, inherence) for enhanced security.
  • Typically, these issues are addressed with strong passwords, anti-counterfeiting techniques, and tamper-proof hardware.
    • The text mentions potential issues with weak passwords.

Unix Users

  • Unix systems have three primary account types:
    • Root account: The superuser account, with user ID 0 (root), manages system boot, user authentication, administration, and network services, and has full access.
    • User accounts: Provide interactive access to the system.
    • Account permissions can be manipulated with tools such as /etc/passwd, /etc/shadow, and /etc/group.

Authentication Over The Network

  • Large corporate networks typically store user information centrally.
  • Users can access any machine within the network using one central directory.
  • There are various ways to provide a protocol-based login across multiple machines.
  • A disadvantage of a centralized server is that it can be a single point of failure.

PAM (Pluggable Authentication Modules)

  • PAM allows programs to use a central authentication mechanism.
  • Examples include SSH, GDM, LightDM, screen locks, su, and sudo.
  • PAM is a library used by many Unix applications for authentication.
  • PAM authentication is decentralized, allowing control over logging attempts and authorized actions.
  • PAM is typically used to control events like user login attempts, or password changes. A PAM module controls each of those events.

Authorization

  • Authorization is the process of determining if an entity (X) is allowed to access a resource (Y).
  • The OS manages access to resources based on authorization rules.
  • Authorization typically occurs without highly privileged code; instead, non-privileged code asks the OS for the necessary operations.
  • Resources are protected using separate code in protection rings.
  • Ring-0 is the highest level of privilege, with direct access to hardware. Lower rings have less access.
  • Attackers may use rings above 0 to obtain privileges from lower (protected) zones.

File Systems

  • The file system organizes persistent data on storage devices.
  • Files are logical units with names and associated information.
  • Directories organize files in a hierarchical tree structure.
  • System calls are the primary interface for interacting with the file system.

Access Control

  • Access control (AC) manages access to resources.
  • Access Control Lists (ACLs) are used to grant access permissions to users and groups.
  • Access control matrices are used to represent access control policies by listing processes versus files, with access rights specified.
  • Security properties include, but are not limited to, mandatory access control (MAC) and discretionary access control (DAC).

Description

Test your knowledge on Pluggable Authentication Modules (PAM) and key operating system concepts. This quiz covers topics such as authentication management, system calls, and protection rings. Challenge yourself with questions that explore the intricacies of user authentication in modern operating systems.