A Study on Impersonation Attack of Linux Sudoers Through Shadow File Manipulation


KIPS Transactions on Computer and Communication Systems, Vol. 9, No. 7, pp. 149-156, Jul. 2020
https://doi.org/10.3745/KTCCS.2020.9.7.149
Keywords: Linux, Ubuntu, Password, Shadow File, Administrator Privilege
Abstract

All operating systems have privileged administrator accounts for efficient management. Dangerous or sensitive tasks and resources should be off-limits to normal users and accessible only to administrators. One example of such a privilege is resetting a user's password when the user has lost it. In this paper, we analyze the privileges of the sudoer group, the administrator group of Ubuntu Linux, and the way the sudoer group is managed. We show the danger that a sudoer can use this privilege to change the passwords of other users, including other sudoers, and to modify the log, and we propose a countermeasure that prevents manipulation of the shadow file. In addition, the proposed method was implemented, and its excellent performance confirmed that practical use is possible.



Cite this article
[IEEE Style]
S. Kim and T. Cho, "A Study on Impersonation Attack of Linux Sudoers Through Shadow File Manipulation," KIPS Transactions on Computer and Communication Systems, vol. 9, no. 7, pp. 149-156, 2020. DOI: https://doi.org/10.3745/KTCCS.2020.9.7.149.

[ACM Style]
Sanghun Kim and Taenam Cho. 2020. A Study on Impersonation Attack of Linux Sudoers Through Shadow File Manipulation. KIPS Transactions on Computer and Communication Systems, 9, 7, (2020), 149-156. DOI: https://doi.org/10.3745/KTCCS.2020.9.7.149.