D.1.6 Cryptography Papers and Other Publications Association for Computing Machinery. "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy." Report of a Special Panel of the ACM U.S. Public Policy Committee location: USACM, June 1994. (URL: http://info.acm.org/reports/acm_crypto_study.html) Coppersmith, Don. IBM Journal of Research and Development 38 (1994). Diffie, Whitfield. "The First Ten Years of Public-Key Cryptography." Proceedings of the IEEE 76 (1988): 560-76. Whitfield Diffie's tour-de-force history of public key cryptography, with revealing commentaries. Diffie, Whitfield, and M.E. Hellman. "New Directions in Cryptography." IEEE Transactions on Information Theory IT-22 (1976). The article that introduced the concept of public key cryptography. Hoffman, Lance J., Faraz A. Ali, Heckler, Steven L. and Ann Huybrechts. "Cryptography Policy." Communications of the ACM 37 (1994): 109-17. Lai, Xuejia. "On the Design and Security of Block Ciphers." ETH Series in Information Processing 1 (1992). The article describing the IDEA cipher. Lai, Xuejia, and James L. Massey. "A Proposal for a New Block Encryption Standard." Advances in Cryptology-EUROCRYPT '90 Proceedings (1992): 55-70. Another article describing the IDEA cipher. LaMacchia, Brian A. and Andrew M. Odlyzko. "Computation of Discrete Logarithms in Prime Fields." Designs, Codes, and Cryptography. (1991):, 46-62. Lenstra, A.K., H. W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard. "The Number Field Sieve." Proceedings of the 22nd ACM Symposium on the Theory of Computing. Baltimore MD: ACM Press, 1990, 564-72. Lenstra, A.K., Lenstra, Jr., H.W., Manasse, M.S., and J.M. Pollard. "The Factorization of the Ninth Fermat Number." Mathematics of Computation 61 (1993): 319-50. Merkle, Ralph. "Secure Communication Over Insecure Channels." Communications of the ACM 21 (1978): 294-99 (submitted in 1975). The article that should have introduced the concept of public key cryptography. Merkle, Ralph, and Martin E. Hellman. "On the Security of Multiple Encryption." Communications of the ACM 24 (1981): 465-67. Merkle, Ralph, and Martin E. Hellman. "Hiding Information and Signatures in Trap Door Knapsacks." IEEE Transactions on Information Theory 24 (1978): 525-30. National Bureau of Standards. Data Encryption Standard 1987.(FIPS PUB 46-1) Rivest, Ron. Ciphertext: The RSA Newsletter 1 (1993). Rivest, Ron, A. Shamir, and L. Adleman. "A Method for Obtaining Digital Signatures and Public Key Cryptosystems." Communications of the ACM 21 (1978). [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (5 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Simmons, G. J. "How to Insure that Data Acquired to Verify Treaty Compliance are Trustworthy." in "Authentication without secrecy: A secure communications problem uniquely solvable by asymmetric encryption techniques." IEEE EASCON '79, (1979): 661-62. D.1.7 General Computer Security Amoroso, Edward. Fundamentals of Computer Security Technology. Englewood Cliffs, NJ: Prentice-Hall, 1994. A very readable and complete introduction to computer security at the level of a college text. Carroll, John M. Computer Security. 2nd edition, Stoneham, MA: Butterworth Publishers, 1987. Contains an excellent treatment of issues in physical communications security. Computers & Security. This is a journal published eight times each year by Elsevier Press, Oxford, England. (Order from Elsevier Press, +44-(0) 865-512242.) It is one of the main journals in the field. This journal is priced for institutional subscriptions, not individuals. Each issue contains pointers to dozens of other publications and organizations that might be of interest, as well as referenced articles, practicums, and correspondence. The URL for the WWW page is included in "Security Periodicals." Computer Security Requirements - Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, Fort George G. Meade, MD: National Computer Security Center, 1985. (Order number CSC-STD-003-85.) (The Yellow Book) Datapro Reports on Computer Security. Delran, NJ: McGraw-Hill. (Order from Datapro, 609-764-0100.) An ongoing (and expensive) series of reports on various issues of security, including legislation trends, new products, items in the news, and more. Practitioners are divided on the value of this publication, so check it out carefully before you buy it to see if it is useful in your situation. Department of Defense Password Management Guideline. Fort George G. Meade, MD: National Computer Security Center, 1985. (Order number CSC-STD-002-85.) (The Green Book) Department of Defense Trusted Computer System Evaluation Criteria. Fort George G. Meade, MD: National Computer Security Center, 1985. (Order number DoD 5200.28-STD.) (The Orange Book) Fites, P. E., M. P. J. Kratz, and A. F. Brebner. Control and Security of Computer Information Systems. Rockville, MD: Computer Science Press, 1989. A good introduction to the administration of security policy and not techniques. Gasser, Morrie. Building a Secure Computer System. New York, NY: Van Nostrand Reinhold, 1988. A solid introduction to issues of secure system design. Hunt, A. E., S. Bosworth, and D. B. Hoyt, eds. Computer Security Handbook, 3rd edition. New York, NY: Wiley, 1995. A massive and thorough collection of essays on all aspects of computer security. National Research Council, Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press, 1991. (Order from NRC, 1-800-624-6242.) This book created considerable comment. It's a report of a panel of experts discussing the need for national concern and research in the areas of computer security and privacy. Some people think it is a significant publication, while others believe it has faulty assumptions and conclusions. Either way, you should probably read it. [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (6 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Pfleeger, Charles P. Security in Computing. Englewood Cliffs, NJ: Prentice-Hall, 1989. Another good introduction to computer security. Russell, Deborah, and G. T. Gangemi, Sr. Computer Security Basics. Sebastopol, CA: O'Reilly & Associates, 1991. An excellent introduction to many areas of computer security and a summary of government security requirements and issues. Thompson, Ken. "Reflections on Trusting Trust" Communications of the ACM, Volume 27, Number 8, August (1984). This is a "must-read" for anyone seeking to understand the limits of computer security and trust. Wood, Charles Cresson, et al. Computer Security: A Comprehensive Controls Checklist, New York, NY: John Wiley & Sons, 1987. Contains many comprehensive and detailed checklists for assessing the state of your own computer security and operations. Wood, Charles Cresson. Information Security Policies Made Easy. Sausalito, CA: Baseline Software, 1994. This book and accompanying software allow the reader to construct a corporate security policy using hundreds of components listed in the book. Pricey, but worth it if you need to write a comprehensive policy: Baseline Software PO Box 1219 Sausalito, CA 94966-1219 ++1 415-332-7763 D.1.8 Network Technology and Security Bellovin, Steve and Cheswick, Bill. Firewalls and Internet Security. Reading, MA: Addison-Wesley, 1994. The classic book on firewalls. This book will teach you everything you need to know about how firewalls work, but it will leave you without implementation details unless you happen to have access to the full source code to the UNIX operating system and a staff of programmers who can write bug-free code. Chapman, D. Brent, and Elizabeth D. Zwicky. Building Internet Firewalls. Sebastopol, CA: O'Reilly & Associates, 1995. A good how-to book that describes in clear detail how to build your own firewall. Comer, Douglas E. Internetworking with TCP/IP. 3rd Edition. Englewood Cliffs, NJ: Prentice Hall, 1995. A complete, readable reference that describes how TCP/IP networking works, including information on protocols, tuning, and applications. Frey, Donnalyn, and Rick Adams. !%@:: A Directory of Electronic Mail Addressing and Networks, Sebastopol, CA: O'Reilly & Associates, 1990. This guide is a complete reference to everything you would ever want to know about sending electronic mail. It covers addressing and transport issues for almost every known network, along with lots of other useful information to help you get mail from here to there. Highly recommended. Hunt, Craig. TCP/IP Network Administration. Sebastopol, CA: O'Reilly & Associates, 1992. This book is an excellent system administrator"s overview of TCP/IP networking (with a focus on UNIX systems), and a very useful reference to major UNIX networking services and tools such as BIND (the standard [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (7 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com UNIX DNS Server) and sendmail (the standard UNIX SMTP Server). Kaufman, Charles, Radia Perlman, and Mike Speciner. Network Security: Private Communications in a Public World. Englewood Cliffs, NJ: Prentice-Hall, 1995. Liu, Cricket, Jerry Peek, Russ Jones, Bryan Buus, and Adrian Nye. Managing Internet Information Services, Sebastopol, CA: O'Reilly & Associates, 1994. This is an excellent guide to setting up and managing Internet services such as the World Wide Web, FTP, Gopher, and more, including discussions of the security implications of these services. Stallings, William. Network and Internetwork Security: Principles and Practice. Englewood Cliffs, NJ: Prentice Hall, 1995. A good introductory textbook. Stevens, Richard W. TCP/IP Illustrated. The Protocols, Volume 1. Reading, MA: Addison-Wesley, 1994. This is a good guide to the nuts and bolts of TCP/IP networking. Its main strength is that it provides traces of the packets going back and forth as the protocols are actually in use, and uses the traces to illustrate the discussions of the protocols. Quarterman, John. The Matrix: Computer Networks and Conferencing Systems Worldwide. Bedford, MA: Digital Press, 1990. A dated but still insightful book describing the networks, protocols, and politics of the world of networking. D.1.9 Security Products and Services Information Computer Security Buyer's Guide. Computer Security Institute, San Francisco, CA. (Order from CSI, 415-905-2626.) Contains a comprehensive list of computer security hardware devices and software systems that are commercially available. The guide is free with membership in the Institute. The URL is at http://www.gocsi.com. D.1.10 Understanding the Computer Security "Culture" All of these describe views of the future and computer networks that are much discussed (and emulated) by system crackers. Brunner, John. Shockwave Rider. New York, NY: A Del Ray Book, published by Ballantine, 1975. One of the first descriptions of a computer worm. Gibson, William. Burning Chrome, Count Zero, Mona Lisa Overdrive, and Neuromancer New York, NY: Bantam Books These four cyberpunk books by the science fiction author who coined the term "cyberspace." Hafner, Katie and John Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York, NY: Simon and Schuster, 1991. Tells the stories of three hackers - Kevin Mitrick, Pengo, and Robert T. Morris. Levy, Steven. Hackers: Heroes of the Computer Revolution. New York, NY: Dell Books, 1984. One of the original publications describing the "hacker ethic." Littman, Jonathan, The Fugitive Game: Online with Kevin Mitnick. Boston, MA: Little, Brown, 1996. A [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (8 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com year prior to his capture in 1995, Jonathan Littman had extensive telephone conversations with Kevin Mitnick and learned what it is like to be a computer hacker on the run. This is the story. Shimomura, Tsutomu, with John Markoff. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw By the Man Who Did it. New York, NY: Hyperion, 1995. On Christmas Day, 1994, an attacker broke into Tsutomu Shimomura's computer. A few weeks later, Shimomura was asked to help out with a series of break-ins at two major Internet service providers in the San Fransisco area. Eventually, the trail led to North Carolina, where Shimomura participated in the tracking and capture of Kevin Mitnick. This is the story, written by Shimomura and Markoff. Markoff is the journalist with The New York Times who covered the capture. Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. This book is available in several places on the WWW; http://www-swiss.ai.mit.edu/~bal/sterling/contents.html is one location; other locations can be found in the COAST hotlist. Stoll, Cliff. The Cuckoo's Egg, Garden City, NY: Doubleday, 1989. An amusing and gripping account of tracing a computer intruder through the networks. The intruder was later found to be working for the KGB and trying to steal sensitive information from U.S. systems. Varley, John. Press Enter. Reprinted in several collections of science fiction, including Blue Champagne, Ace Books, 1986; Isaac Asimov's Science Fiction Magazine, 1984; and Tor SF Doubles, October, Tor Books, 1990. Vinge, Vernor. True Names and Other Dangers. New York, NY: Baen, distributed by Simon & Schuster, 1987. D.1.11 UNIX Programming and System Administration Albitz, Paul and Cricket Liu. DNS and BIND. Sebastopol, CA: O'Reilly & Associates, 1992. An excellent reference for setting up DNS nameservers. Bach, Maurice. The Design of the UNIX Operating System. Englewood Cliffs, NJ: Prentice-Hall, 1986. Good background about how the internals of UNIX work. Basically oriented toward older System V UNIX, but with details applicable to every version. Bolsky, Morris I., and David G. Korn. The New Kornshell Command and Programming Language. Englewood Cliffs, NJ: Prentice-Hall, 1995. This is a complete tutorial and reference to the 1992 ksh - the only shell some of us use when given the choice. Costales, Bryan, with Eric Allman and Neil Rickert. sendmail. Sebastopol, CA: O'Reilly & Associates, 1993. Rightly or wrongly, many UNIX sites continue to use the sendmail mail program. This huge book will give you tips on configuring it more securely. Goodheart, B. and J. Cox. The Magic Garden Explained: The Internals of UNIX SVR4. Englewood Cliffs, N.J.: Prentice-Hall, 1994 Harbison, Samuel P. and Guy L. Steele Jr., C, a Reference Manual. Englewood Cliffs, NJ: Prentice Hall, 1984. Hu, Wei. DCE Security Programming. Sebastopol, CA: O'Reilly & Associates, 1995. [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (9 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Kernighan, Brian, Dennis Ritchie and Rob Pike. The UNIX Programming Environment. Englewood Cliffs, NJ: Prentice-Hall, 1984. A nice guide to the UNIX philosophy and how to build shell scripts and command environments under UNIX. Leffler, Samuel, Marshall Kirk McKusick, Michael Karels, and John Quarterman. The Design and Implementation of the 4.3 BSD UNIX Operating System. Reading, MA: Addison Wesley, 1989. This book can be viewed as the BSD version of Maurice Bach's book. It is a readable and detailed description of how and why the BSD UNIX system is designed the way it is. (An updated version covering BSD 4.4 is rumored to be in production, to appear after publication of this edition.) Nemeth, Evi, Garth Snyder, Scott Seebass, and Trent R. Hein. UNIX System Administration Handbook. 2nd Edition. Englewood Cliffs, NJ: Prentice-Hall, 1995. An excellent reference on the various ins and outs of running a UNIX system. This book includes information on system configuration, adding and deleting users, running accounting, performing backups, configuring networks, running sendmail, and much more. Highly recommended. O'Reilly, Tim, and Grace Todino. Managing UUCP and Usenet. Sebastopol CA: O'Reilly & Associates, 1992. If you run UUCP on your machine, you need this book. It discusses all the various intricacies of running the various versions of UUCP. Included is material on setup and configuration, debugging connections, and accounting. Highly recommended. Peek, Jerry et al. UNIX Power Tools, Sebastopol, CA: O'Reilly & Associates, 1993. Ramsey, Rick. All About Administering NIS+. Englewood Cliffs, NJ: Prentice-Hall, 1994. Rochkind, Marc. Advanced UNIX Programming. Englewood Cliffs, NJ: Prentice-Hall, 1985. This book has easy-to-follow introduction to various system calls in UNIX (primarily System V) and explains how to use them from C programs. If you are administering a system and reading or writing system-level code, this book is a good way to get started, but keep in mind that this is rather dated. Stevens, W. Richard. Advanced Programming in the UNIX Environment. Reading, MA: Addison-Wesley, 1992. D.1.12 Miscellaneous References Hawking, Stephen W. A Brief History of Time: From the Big Bang to Black Holes, New York, NY: Bantam Books, 1988. Want to find the age of the universe? It's in here, but UNIX is not. Miller, Barton P., Lars Fredriksen, and Bryan So. "An Empirical Study of the Reliability of UNIX Utilities," Communications of the ACM, Volume 33, Number 12, December 1990, 32-44. A thought-provoking report of a study showing how UNIX utilities behave when given unexpected input. Wall, Larry, and Randal L. Schwartz. Programming perl, Sebastopol, CA: O'Reilly & Associates, 1991. The definitive reference to the Perl scripting language. A must for anyone who does much shell, awk, or sed programming or would like to quickly write some applications in UNIX. Wall, Larry and Randal L. Schwartz. Learning perl, Sebastopol, CA: O'Reilly & Associates, 1993. [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (10 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com C.5 Starting Up UNIX and Logging In D.2 Security Periodicals [ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ] [Appendix D] Paper Sources file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appd_01.htm (11 of 11) [2002-04-12 10:45:18] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Appendix C C. UNIX Processes Contents: About Processes Creating Processes Signals The kill Command Starting Up UNIX and Logging In This appendix provides technical background on how the UNIXoperating system manages processes. The information presented in this chapter is important to understand if you are concerned with the details of system administration or are simply interested in UNIX internals, but we felt that it was too technical to present early in this book. C.1 About Processes UNIX is a multitasking operating system. Every task that the computer is performing at any moment - every user running a word processor program, for example - has a process. The process is the operating system's fundamental tool for controlling the computer. Nearly everything that UNIX does is done with a process. One process displays the word login: on the user's terminal and reads the characters that the user types to log into the system. Another process controls the line printer. On a workstation, a special process called the "window server" displays text in windows on the screen. Another process called the "window manager" lets the user move those windows around. At any given moment, the average UNIX operating system might be running anywhere from ten to several hundred different processes; large mainframes might be running several thousand. UNIX runs at least one process for every user who is logged in, another process for every program that every user is running, and another process for every hard-wired terminal that is waiting for a new user to log in. UNIX also uses a variety of special processes for system functions. C.1.1 Processes and Programs A process is an abstraction of control that has certain special properties associated with it. These include a private stack, values of registers, a program counter, an address space containing program code and data, and so on. The underlying hardware and operating system software manage the contents of registers in such a way that each process views the computer's resources as its "own" while it is running. With a single processor, only one process at a time is actually running, with the operating system swapping processes from time to time to give the illusion that they are all running concurrently. Multi-processor computers can naturally run several processes with true synchronicity. Every UNIX process has a program that it is running, even if that program is part of the UNIX operating system (a special program). Programs are usually referred to by the names of the files in which they are kept. For example, the program that lists files is called /bin/ls and the program that runs the line printer may be called /usr/lib/lpd. A process can run a program that is not stored in a file in either of two ways: The program's file can be deleted after its process starts up. In this case, the process's program is really stored in a file, but the file no longer has a name and cannot be accessed by any other processes. The file is deleted automatically when the process exits or runs another program. ● The process may have been specially created in the computer's memory. This is the method that the UNIX kernel uses to begin the first process when the operating system starts up. This usually happens only at start-up, but some programming languages ● [Appendix C] UNIX Processes file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appc_01.htm (1 of 7) [2002-04-12 10:45:19] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com such as LISP can load additional object modules as they are running. Normally, processes run a single program and then exit. However, a program can cause another program to be run. In this case, the same process starts running another program. C.1.2 The ps Command The ps command gives you a snapshot of all of the processes running at any given moment. ps tells you who is running programs on your system, as well as which programs the operating system is spending its time executing. Most system administrators routinely use the ps command to see why their computers are running so slowly; system administrators should also regularly use the command to look for suspicious processes. (Suspicious processes are any processes that you don't expect to be running. Methods of identifying suspicious processes are described in detail in earlier chapters.) C.1.2.1 Listing processes with systems derived from System V The System V ps command will normally only print the processes that are associated with the terminal on which the program is being run. To list all of the processes that are running on your computer, you must run the program with the -ef options. The options are: Option Effect e List all processes f Produce a full listing For example: sun.vineyard.net% /bin/ps -ef UID PID PPID C STIME TTY TIME COMD root 0 0 64 Nov 16 ? 0:01 sched root 1 0 80 Nov 16 ? 9:56 /etc/init - root 2 0 80 Nov 16 ? 0:10 pageout root 3 0 80 Nov 16 ? 78:20 fsflush root 227 1 24 Nov 16 ? 0:00 /usr/lib/saf/sac -t 300 root 269 1 18 Nov 16 console 0:00 /usr/lib/saf/ttymon -g - root 97 1 80 Nov 16 ? 1:02 /usr/sbin/rpcbind root 208 1 80 Nov 16 ? 0:01 /usr/dt/bin/dtlogin root 99 1 21 Nov 16 ? 0:00 /usr/sbin/keyserv root 117 1 12 Nov 16 ? 0:00 /usr/lib/nfs/statd root 105 1 12 Nov 16 ? 0:00 /usr/sbin/kerbd root 119 1 27 Nov 16 ? 0:00 /usr/lib/nfs/lockd root 138 1 12 Nov 16 ? 0:00 /usr/lib/autofs/automoun root 162 1 62 Nov 16 ? 0:01 /usr/lib/lpsched root 142 1 41 Nov 16 ? 0:00 /usr/sbin/syslogd root 152 1 80 Nov 16 ? 0:07 /usr/sbin/cron root 169 162 8 Nov 16 ? 0:00 lpNet root 172 1 80 Nov 16 ? 0:02 /usr/lib/sendmail -q1h root 199 1 80 Nov 16 ? 0:02 /usr/sbin/vold root 180 1 80 Nov 16 ? 0:04 /usr/lib/utmpd root 234 227 31 Nov 16 ? 0:00 /usr/lib/saf/listen tcp simsong 14670 14563 13 12:22:12 pts/11 0:00 rlogin next root 235 227 45 Nov 16 ? 0:00 /usr/lib/saf/ttymon simsong 14673 14535 34 12:23:06 pts/5 0:00 rlogin next simsong 14509 1 80 11:32:43 ? 0:05 /usr/dt/bin/dsdm simsong 14528 14520 80 11:32:51 ? 0:18 dtwm simsong 14535 14533 66 11:33:04 pts/5 0:01 /usr/local/bin/tcsh simsong 14529 14520 80 11:32:56 ? 0:03 dtfile -session dta003TF root 14467 1 11 11:32:23 ? 0:00 /usr/openwin/bin/fbconso simsong 14635 14533 80 11:48:18 pts/12 0:01 /usr/local/bin/tcsh simsong 14728 14727 65 15:29:20 pts/9 0:01 rlogin next root 332 114 80 Nov 16 ? 0:02 /usr/dt/bin/rpc.ttdbserv root 14086 208 80 Dec 01 ? 8:26 /usr/openwin/bin/Xsun :0 simsong 13121 13098 80 Nov [Appendix C] UNIX Processes file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appc_01.htm (2 of 7) [2002-04-12 10:45:19] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com 29 pts/6 0:01 /usr/local/bin/tcsh simsong 15074 14635 20 10:48:34 pts/12 0:00 /bin/ps -ef Table 27.2 describes the meaning of each field in this output. Field in ps Output (System V) Table C.1: Feild in ps Output (System V) Field Meaning UID The username of the person running the command PID The process's identification number (see next section) PPID The process ID of the process's parent process C The processor utilization; an indication of how much CPU time the process is using at the moment STIME The time that the process started executing TTY The controlling terminal for the process TIME The total amount of CPU time that the process has used COMD The command that was used to start the process C.1.2.2 Listing processes with Berkeley-derived versions of UNIX With Berkeley UNIX, you can use the command: % ps -auxww to display detailed information about every process running on your computer. The options specified in this command are: Option Effect a List all processes u Display the information in a user-oriented style x Include information on processes that do not have controlling ttys ww Include the complete command lines, even if they run past 132 columns For example:[1] [1] Many Berkeley-derived versions also show a start time (START) between STAT and TIME. % ps -auxww USER PID %CPU %MEM SZ RSS TT STAT TIME COMMAND simsong 1996 62.6 0.6 1136 1000 q8 R 0:02 ps auxww root 111 0.0 0.0 32 16 ? I 1:10 /etc/biod 4 daemon 115 0.0 0.1 164 148 ? S 2:06 /etc/syslog root 103 0.0 0.1 140 116 ? I 0:44 /etc/portmap root 116 0.0 0.5 860 832 ? I 12:24 /etc/mountd -i -s root 191 0.0 0.2 384 352 ? I 0:30 /usr/etc/bin/lpd root 73 0.0 0.3 528 484 ? S < 7:31 /usr/etc/ntpd -n root 4 0.0 0.0 0 0 ? I 0:00 tpathd root 3 0.0 0.0 0 0 ? R 0:00 idleproc root 2 0.0 0.0 4096 0 ? D 0:00 pagedaemon root 239 0.0 0.1 180 156 co I 0:00 std.9600 console root 0 0.0 0.0 0 0 ? D 0:08 swapper root 178 0.0 0.3 700 616 ? I 6:31 /etc/snmpd root 174 0.0 0.1 184 148 ? S 5:06 /etc/inetd root 168 0.0 0.0 56 44 ? I 0:16 /etc/cron root 132 0.0 0.2 452 352 co I 0:11 /usr/etc/lockd jdavis 383 0.0 0.1 176 96 p0 I 0:03 rlogin hymie ishii 1985 0.0 0.1 284 152 q1 S 0:00 /usr/ucb/mail bl root 26795 0.0 0.1 128 92 ? S 0:00 timed root 25728 0.0 0.0 136 56 t3 I 0:00 telnetd jdavis 359 0.0 0.1 540 212 p0 I 0:00 -tcsh (tcsh) [Appendix C] UNIX Processes file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appc_01.htm (3 of 7) [2002-04-12 10:45:19] Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com [...]... http://www.simpopdf.com wheel 16 384 Aug 23 1 989 /usr/ucb/rlogin Simpo PDF 1 root -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/ucb/rsh -rwsr-sr-x 1 root tty 327 68 Nov 11 17:17 /usr/etc/rdump These programs must be SUID root because they use privileged ports to do username authentication -rwsr-xr-x 1 daemon wheel 16 384 Aug 18 1 989 /usr/bin/atq -rwsr-xr-x 1 daemon wheel 16 384 Aug 18 1 989 /usr/bin/at... daemon 24576 Sep 3 1 989 /usr/bin/uux s s x 1 uucp daemon 16 384 Sep 3 1 989 /usr/bin/uulog s s x 1 uucp daemon 16 384 Sep 3 1 989 /usr/bin/uuname s s x 1 uucp daemon 16 384 Sep 3 1 989 /usr/bin/uusnap s s x 1 uucp daemon 24576 Sep 3 1 989 /usr/bin/uupoll s s x 1 uucp daemon 16 384 Sep 3 1 989 /usr/bin/uuq s s x 2 uucp daemon 16 384 Sep 3 1 989 /usr/bin/uusend s s x 2 uucp daemon 16 384 Sep 3 1 989 /usr/bin/ruusend... approach -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/ucb/quota The quota command must be SUID root so that it can read the quota file -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/ucb/rcp file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appb_03.htm (5 of 7) [2002-04-12 10:45:19] [Appendix B] B.3 SUID and SGID Files -rwsr-x x 1 root wheel 327 68 Aug 18 1 989 /usr/ucb/rdist -rwsr-xr-x... ping program needs to use raw IP -rws x x 1 uucp bin 556 08 Jul 16 1994 /usr/bin/tip -s x x 1 root uucp 688 16 Jul 15 1994 /usr/bin/ct -s x x 1 uucp uucp 81 904 Jul 15 1994 /usr/bin/cu These programs are SUID uucp so that they can access the dialer and modem devices -r-sr-xr-x 2 root bin 1 088 8 Jul 16 1994 /usr/bin/uptime -r-sr-xr-x 2 root bin 1 088 8 Jul 16 1994 /usr/bin/w We can't figure out why these... 1 root wheel 16 384 Aug 18 1 989 /usr/etc/ping ping must be SUID root so that it can transmit ICMP ECHO requests on the raw IP port -r-s x x 1 root wheel 16 384 Aug 18 1 989 /usr/etc/timedc The timedc (Time Daemon Control) program must be SUID root so that it can access the privileged time port -r-sr-x x 3 root wheel 81 920 Sep 7 1 989 /usr/lib/sendmail -r-sr-x x 3 root wheel 81 920 Sep 7 1 989 /usr/bin/newaliases... line-printer user commands must be SUID so they can access spool files and the printer device -rwsr-xr-x 1 root wheel 24576 Aug 18 1 989 /bin/ps -rwsr-xr-x 2 root wheel 57344 Aug 18 1 989 /usr/ucb/w -rwsr-xr-x 2 root wheel 57344 Aug 18 1 989 /usr/ucb/uptime -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/bin/iostat These programs must be SUID root because they need to read the kernel's memory to generate the statistics... /usr/lib/pt_chmod file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appb_03.htm (3 of 7) [2002-04-12 10:45:19] [Appendix B] B.3 SUID and SGID Files -r-sr-xr-x 1 root bin 584 8 Jul 16 1994 /usr/lib/utmp_update -rwsr-xr-x 1 root bin 86 68 Jul 16 1994 /usr/sbin/mkdevalloc Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com -rwsr-xr-x 1 root bin 9 188 Jul 16 1994 /usr/sbin/mkdevmaps... 70.0 6.7 2.26M 1.08M 01 R 4:01 cruncher mike 129 8. 2 15.1 7.06M 2.41M 01 S 0: 48 csh donna 212 7.0 7.3 2.56M 1.16M p1 S 1: 38 csh file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appc_01.htm (5 of 7) [2002-04-12 10:45:19] [Appendix C] UNIX Processes michelle 290 4.0 11.9 14.4M 1.91M 03 R 19:00 rogue % Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com You could... Simpo PDF 1 root -rwxr-sr-x Merge and Split Unregistered Version11 17:07 /usr/etc/arp kmem 4772 Nov - http://www.simpopdf.com -rwxr-sr-x 1 root kmem 2456 Nov 11 17:14 /usr/etc/dmesg -rwxr-sr-x 1 root kmem 4276 Nov 11 17:35 /usr/etc/kgmon -rwxr-sr-x 1 root kmem 5 188 Nov 11 18: 16 /usr/etc/vmmprint -rwxr-sr-x 1 root kmem 3 584 Nov 11 18: 16 /usr/etc/vmoprint -rwxr-sr-x 1 root kmem 5520 Nov 11 20: 38 /usr/etc/nfsstat... DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ] file:///C|/Oreilly Unix etc/O'Reilly Reference Library/networking/puis/appb_03.htm (7 of 7) [2002-04-12 10:45:19] [Chapter 1] Introduction Simpo PDF Merge and Split Unregistered Version - http://www.simpopdf.com Chapter 1 1 Introduction Contents: What Is Computer Security? What Is an Operating System? History of UNIX . 14635 14533 80 11: 48: 18 pts/12 0:01 /usr/local/bin/tcsh simsong 147 28 14727 65 15:29:20 pts/9 0:01 rlogin next root 332 114 80 Nov 16 ? 0:02 /usr/dt/bin/rpc.ttdbserv root 14 086 2 08 80 Dec 01 ? 8: 26. wheel 24576 Aug 18 1 989 /bin/ps -rwsr-xr-x 2 root wheel 57344 Aug 18 1 989 /usr/ucb/w -rwsr-xr-x 2 root wheel 57344 Aug 18 1 989 /usr/ucb/uptime -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/bin/iostat These. root wheel 327 68 Aug 18 1 989 /usr/ucb/rdist -rwsr-xr-x 1 root wheel 16 384 Aug 23 1 989 /usr/ucb/rlogin -rwsr-xr-x 1 root wheel 16 384 Aug 18 1 989 /usr/ucb/rsh -rwsr-sr-x 1 root tty 327 68 Nov 11 17:17