A buffer overflow happens when a program writes more data into a buffer than the buffer was allocated to hold. It is the result of unsafe programming: if a program copies an input buffer into a destination buffer without first checking that the input is no larger than the destination, the excess bytes spill over into whatever memory lies next to the buffer. When the overwritten memory is in the stack it is a stack-based buffer overflow; when it is in the heap it is a heap-based buffer overflow. At minimum the overflow corrupts memory and crashes the program. If an attacker controls the data being copied, it can also overwrite a return address or a function pointer and redirect execution to code of the attacker's choosing, which is what turns the bug into an attack.
There are several preventive measures that can be taken against this attack. They are discussed below:
i) Disallow executable code on the user stack by adding the line 'set noexec_user_stack=1' to the /etc/system file (on hardware that supports a non-executable stack). Afterwards, any program that attempts to execute code on its stack is sent a SIGSEGV, which normally terminates it with a core dump, and a warning message giving the process name, PID and UID is generated. To have this message logged through syslog, add a second line to /etc/system, 'set noexec_user_stack_log=1'. A reboot is necessary for either setting to take effect. Note that this only defeats the simplest stack-based attacks: it does not protect the heap or other data areas, and it does not stop an overflow that returns into code already present in the process (a libc function, for example), so it is a hardening measure, not a fix for the vulnerable program.
ii) Remove unnecessary compilers.
iii) Unknown programs must NOT be executed.
iv) Disable unnecessary ports and services by commenting out the corresponding lines in the /etc/inetd.conf file.
v) Apply the security patches from the Sun website.
vi) Run ASET (Automated Security Enhancement Tool) in high mode (see 'man aset').
If you run a website that allows anonymous remote users to upload data, you must be very careful about the vulnerabilities in file uploading. First, consider path traversal: the name of an uploaded file may be something like '../../xyz.abc', chosen so that the file lands outside the upload directory, so take the necessary precautions (keep only the last path component of the supplied name and reject anything that still contains '..'). A file of the same name may already exist in the destination directory and would be silently overwritten, so an automatic renaming scheme must be in place. The file extension can give a wrong impression of the content; check the file header (the leading magic bytes) to be sure of the content type. Before a file is opened it must be scanned with virus-detection software. File size must be restricted to avoid exhausting storage. Compressed files (such as a *.zip) need extra care, because a malicious archive, for example one that contains a copy of itself or unpacks to an enormous size, can consume valuable system resources when it is expanded.
Reference : http://shsc.info/FileUploadSecurity
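The checks described above, as an added example that is not part of the original page or of the referenced site: a POSIX shell function that validates one uploaded file before storing it. The interface (save_upload SRC CLIENT_NAME DESTDIR MAXBYTES), the allow-list of PNG, GIF and JPEG, and the assumption that the web server has already spooled the upload to SRC are all this example's own; the virus-scanner step is left as a marked hook because no particular scanner is assumed.

```sh
#!/bin/sh
# Added example, not from the original page.  Assumed interface (our own):
#   save_upload SRC CLIENT_NAME DESTDIR MAXBYTES
# SRC holds the bytes the web server already received, CLIENT_NAME is the
# file name the remote user supplied, DESTDIR is the upload area.  On
# success the stored path is printed; on any failure nothing is stored and
# the function returns non-zero.
save_upload() {
  src=$1 client_name=$2 destdir=$3 maxbytes=$4

  # 1. Path traversal: keep only the last path component (both '/' and
  #    '\' separators), then reject an empty, dot, or hidden name and any
  #    name outside a conservative character set.  '../../xyz.abc' thus
  #    collapses to 'xyz.abc' instead of escaping the upload directory.
  name=${client_name##*/}
  name=${name##*\\}
  case $name in
    ''|.|..|.*)         echo "rejected: bad file name" >&2; return 1 ;;
    *[!A-Za-z0-9._-]*)  echo "rejected: bad characters in name" >&2; return 1 ;;
  esac

  # 2. Size limit, checked before anything parses the content.
  size=$(wc -c < "$src" | tr -d ' ')
  [ "$size" -le "$maxbytes" ] || { echo "rejected: $size bytes > $maxbytes" >&2; return 1; }

  # 3. The extension is a claim; the leading bytes are the evidence.
  #    Extensions not on the allow-list are rejected outright.
  magic=$(od -An -N4 -tx1 "$src" | tr -d ' \n')
  case $name in
    *.png)        [ "$magic" = "89504e47" ] ;;
    *.gif)        [ "$magic" = "47494638" ] ;;
    *.jpg|*.jpeg) [ "${magic%??}" = "ffd8ff" ] ;;   # first three bytes only
    *)            false ;;
  esac || { echo "rejected: content does not match extension" >&2; return 1; }

  # (A call to a virus scanner on "$src" belongs here; none is assumed.)

  # 4. Never overwrite: mktemp -d gives each upload its own unique, 0700
  #    directory, so two users uploading 'photo.png' can never collide.
  dir=$(mktemp -d "$destdir/upload.XXXXXX") || return 1
  cp "$src" "$dir/$name" || { rm -rf "$dir"; return 1; }
  chmod 0640 "$dir/$name"
  echo "$dir/$name"
}
```

The order matters: the name is sanitised before it is used in any path, the size is checked before the content is read, and the content check decides on bytes rather than on the extension the client chose.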
When a shell script creates a temporary file for its own use you must be very careful, because a predictably named temporary file is easy to attack. Say you have a shell script that creates its temporary file in this unsafe way:
sort /home/ritwik/filename > /tmp/temp.$$
This generates a temporary file whose name is a fixed prefix followed by the script's PID, so an attacker only has to guess the PID. Since the PID will most likely lie between 1 and 33000, an attacker who creates a symlink for every name in that range is certain to hit the right one. If the symlink points at another file, say abc, the script's redirection follows the link and abc is overwritten; if abc is an important system file, the system suffers. Even without a symlink, every user can write to /tmp, so an attacker who guesses the name can edit the temporary file's contents and make the program produce wrong output.
Removing the symlink beforehand (for example with rm -rf /tmp/temp.$$) is not a good solution either, because the attacker can recreate it in the window between the removal and the execution of the sort command.
Solaris provides a much safer way to create temporary files with 'mktemp' (see 'man mktemp'). As the man page suggests, you can create a temporary file securely like this:
TMPFILE=`mktemp -t example.XXXXXX`
if [ -z "$TMPFILE" ]; then exit 1; fi
echo "program output" >> $TMPFILE
The run of X's at the end of the template is replaced by random characters, so the file name is very hard to guess. Just as important, mktemp creates the file itself, exclusively, with mode 0600: a name that already exists (even as a symlink) is not opened through, and other users cannot read or write the file. Always test the result as above; if mktemp cannot create the file it prints nothing, and the script must stop rather than fall back to a fixed name.
Now consider another situation, where a shell script creates a good number of temporary files. Creating each one in the above way would be laborious, so 'mktemp' offers another option: securely create a temporary directory and put the files inside it:
TMPDIR=`mktemp -d /usr/tmp/dir.XXXXXX`
if [ -z "$TMPDIR" ]; then exit 1; fi
echo "program output" >> $TMPDIR/somefilename
Here, too, the X's are replaced by random characters, so the directory name is hard to guess, and because mktemp creates the directory with mode 0700, only its owner can create or read files inside it; the file names inside no longer need to be unpredictable.
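The attack and the fix from the last few paragraphs, as an added example that is not part of the original page: the first function plays both the attacker and the careless script against a predictable temp.$$ name, the second does the same work through mktemp. Both run inside a private scratch directory (created with mktemp -d) rather than the real /tmp, and 'victim' is a constructed stand-in for the important file the attacker wants overwritten; because the vulnerable name is known in advance, the attacker's step is simply performed inline.

```sh
#!/bin/sh
# Added example, not from the original page.  Each function prints the
# contents of 'victim' after the temporary file has been written.

# Vulnerable scheme: temp.$$ is guessable, so a symlink planted there first
# is followed by the script's '>' redirect, which truncates and rewrites
# the symlink's target.  Output: the sort result, not 'important'.
race_predictable() {
  work=$(mktemp -d "${TMPDIR:-/tmp}/race.XXXXXX") || return 1
  printf 'important\n' > "$work/victim"
  tmp="$work/temp.$$"                  # same pattern as /tmp/temp.$$
  ln -s "$work/victim" "$tmp"          # attacker's move, made first
  printf 'b\na\n' | sort > "$tmp"      # the script's own redirect
  cat "$work/victim"
  rm -rf "$work"
}

# Hardened scheme: mktemp picks a random suffix and creates the file itself
# with the exclusive-create flag, so a pre-planted name is not opened
# through (mktemp tries another name or fails).  Output: 'important'.
race_mktemp() {
  work=$(mktemp -d "${TMPDIR:-/tmp}/race.XXXXXX") || return 1
  printf 'important\n' > "$work/victim"
  tmp=$(mktemp "$work/temp.XXXXXX") || { rm -rf "$work"; return 1; }
  printf 'b\na\n' | sort > "$tmp"
  cat "$work/victim"
  rm -rf "$work"
}

# mktemp also creates the file with mode 0600, which answers the text's
# other worry (another user editing the temporary file's contents).
# Prints the permission column of 'ls -l' for a fresh mktemp file.
tmp_mode() {
  work=$(mktemp -d "${TMPDIR:-/tmp}/race.XXXXXX") || return 1
  tmp=$(mktemp "$work/temp.XXXXXX") || { rm -rf "$work"; return 1; }
  ls -ld "$tmp" | cut -c1-10
  rm -rf "$work"
}
```

Note that the redirect in race_predictable is exactly the operation the page's 'sort ... > /tmp/temp.$$' performs: the shell opens the path with O_CREAT|O_TRUNC and, since the path is a symlink, the open lands on the link's target.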
Solaris provides a cryptographic framework for its users. Providers exist at user level, kernel level and even hardware level, and they offer the usual classes of algorithm: symmetric ciphers, asymmetric (public-key) algorithms and hash functions. When you use a cryptographic algorithm to protect confidential data, keep one thing in mind: a weak algorithm defeats every other security measure and hands the data to an unauthorized user. Many third-party password-hashing modules are available on the web; someone can download one, install it with 'pkgadd' and enable it by editing '/etc/security/crypt.conf', '/etc/security/policy.conf' and so on. Using a non-standard algorithm in this way is dangerous: it has not had the public scrutiny of the standard ones, and if it can be broken, an intruder who obtains the stored hashes can recover the passwords and gain access to the system.
So passwords and other valuable data must be protected only with widely used, well-known and standardised algorithms. For symmetric ciphers, use keys of at least 128 bits for adequate security; public-key algorithms such as RSA need far longer keys (2048 bits or more) to reach comparable strength.
Weak hash functions bring the same kind of threat. A hash function is meant to be one-way, but one with cheap collisions or preimages, or a fast, unsalted password hash that can be brute-forced, lets an intruder recover or substitute the original input and gain access to the system. So whenever you use any part of the cryptographic framework, choose the algorithms with care, because a poor choice can cause serious security problems for the whole system.
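As an added example that is not part of the original page, the shell audit below reads the password-hashing settings in a Solaris-style /etc/security/policy.conf and reports whether the default crypt is a strong one. The two sample configurations it writes are constructed, not copied from any host (the weak one resembles the policy older Solaris releases shipped), and the rule that only the SHA-2 crypts, identifiers 5 and 6, count as acceptable is this example's own choice.

```sh
#!/bin/sh
# Added example, not from the original page.  The file to inspect is a
# parameter so the check can run here against constructed samples; on a
# real host you would pass /etc/security/policy.conf.  Algorithm identifiers
# are the ones Solaris registers in crypt.conf:
#   __unix__  traditional DES-based crypt (only 8 characters of the password count)
#   1  BSD MD5    2a  Blowfish    md5  Sun MD5    5  SHA-256    6  SHA-512

# Print the effective value of KEY in FILE: the last uncommented
# 'KEY=value' line wins; nothing is printed if KEY is never set.
policy_value() {   # policy_value FILE KEY
  sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when CRYPT_DEFAULT is a SHA-2 crypt and, if CRYPT_ALGORITHMS_ALLOW
# is set, is on that list; otherwise explain on stderr and return 1.
check_crypt_policy() {   # check_crypt_policy FILE
  default=$(policy_value "$1" CRYPT_DEFAULT)
  allow=$(policy_value "$1" CRYPT_ALGORITHMS_ALLOW)
  case "$default" in
    5|6) ;;
    '')  echo "CRYPT_DEFAULT is unset (treated as weak)" >&2; return 1 ;;
    *)   echo "CRYPT_DEFAULT=$default is not SHA-256 (5) or SHA-512 (6)" >&2; return 1 ;;
  esac
  if [ -n "$allow" ]; then
    case ",$allow," in
      *,"$default",*) ;;
      *) echo "CRYPT_DEFAULT=$default is not in CRYPT_ALGORITHMS_ALLOW=$allow" >&2; return 1 ;;
    esac
  fi
  return 0
}

# Constructed samples.  weak.conf keeps DES crypt as the default even though
# stronger algorithms are allowed; strong.conf is the corrected setting.
write_samples() {   # write_samples DIR
  cat > "$1/weak.conf" <<'EOF'
# /etc/security/policy.conf excerpt (constructed sample)
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=__unix__
EOF
  cat > "$1/strong.conf" <<'EOF'
# /etc/security/policy.conf excerpt (constructed sample)
CRYPT_ALGORITHMS_ALLOW=5,6
CRYPT_ALGORITHMS_DEPRECATE=__unix__,1,2a,md5
CRYPT_DEFAULT=6
EOF
}
```

Changing CRYPT_DEFAULT only affects passwords set after the change; existing entries keep their old hash until the user next changes the password, which is why the deprecate list matters as well as the default.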