Cover V01, I03

Books: A User's Report

Elizabeth Zinkann

This month I review a new book on UNIX system security, a revised edition of O'Reilly's popular UNIX in a Nutshell, and a new book by W. Richard Stevens, Advanced Programming in the UNIX Environment.

UNIX System Security: A Guide for Users and System Administrators
by David A. Curry
Addison-Wesley Professional Computing Series

In the years since UNIX was developed, UNIX security has been both ignored and intensely implemented. When UNIX was first designed, it was primarily a programmer's tool and was used in team efforts. In this context, there was little need for security. With wider use, however, it became necessary to protect some aspects of the UNIX operating system.

With UNIX System Security, Curry addresses both users and system administrators, noting that both share responsibility for system security. He begins by discussing four well-known cases of attacks on UNIX systems. The descriptions of these attacks make for fascinating historical reading, even for those who are not particularly interested in computers, but do enjoy a good detective novel. The author recounts what the attacks were, what temporary and permanent harm they caused, and how they were found.

After this introduction to attacks and viruses, Curry devotes the rest of the book to security procedures that could have prevented these attacks. Focusing on the user's role in maintaining security, Curry provides a set of guidelines for choosing a password and a set of strictures on what not to pick, along with examples for both.

Even with your account seemingly well-protected by an unbreakable password, you must still defend your files from unwanted intrusion. Curry examines several UNIX commands designed to prevent any other user from copying, changing, or deleting your files or directories. He also stresses the importance of good backup strategies and ways in which file system security may be monitored.

The remainder of UNIX System Security is dedicated to specific security topics, including workstations, terminals, modems, and TCP/IP network security. Curry discusses NIS, NFS, and RFS, and dedicates one full chapter to responding to attacks and another to encryption and authentication.

One of the most interesting chapters, "Security Policies," investigates what should constitute a security policy and why. The author does not recommend a standard policy; instead, he explores the elements that comprise an effective security policy so that each individual can customize a policy for his/her system.

UNIX System Security is so clearly written that even some of the more complex topics become easy to understand, and there are sections that even the most inexperienced user will comprehend. Each chapter begins with an introduction explaining the chapter's concepts and ends with a summary of the chapter's most important points. Curry also presents a great deal of supplementary -- and, in some cases, surprising -- information. He includes USENET newsgroups, suggested reading, an excellent bibliography, and a well-documented glossary, in addition to the source code for a password cracker, a filesystem checker, and dialogue from an open network authentication system named "Kerberos." The open network authentication system has been reprinted with the permission of MIT, where Project Athena was designed and implemented. Security is often overlooked when the novice first learns UNIX. Curry has provided an essential text in security for both the beginning and the experienced UNIX user.

UNIX in a Nutshell
A Desktop Quick Reference for System V and Solaris 2.0

by Daniel Gilly and the Staff of O'Reilly and Associates, Inc.
O'Reilly and Associates, Inc.

O'Reilly and Associates, Inc. publish UNIX in a Nutshell, one of the most useful desk references available. Versions of the book are available for both the Berkeley UNIX system and UNIX System V. Through the efforts of Daniel Gilly, with the continued support of O'Reilly and Associates, UNIX in a Nutshell for System V has been revised. The new edition includes System V Release 4 and information pertaining to Solaris 2.0.

As I compared the two versions, I found the same quality in both books. However, the updated edition contains several sections that the previous version had omitted. Even the introduction encompasses more information.

The UNIX command section has been expanded, although (thankfully) the alphabetical summary of the commands has been retained. The authors have included a very helpful diagram of the history of Solaris 2.0, some commands that do not exist in UNIX System V Release 3, and a guide for users of BSD systems. Also included are twelve tables that attempt to classify the UNIX commands in categories -- such as communication -- to make it easier for new users to find the commands they need.

The previous edition included the Bourne and C shells in one section. In the new version, the Bourne and Korn shells are in one chapter, while the C shell has a section by itself. Each of these chapters is longer than the original shell section.

Whereas the prior edition did include pattern matching, it did not contain any information on the UNIX editors. The new issue not only improves the pattern matching section, but also includes separate chapters on the emacs, vi, and ex editors. In addition, the current version presents sections on two data manipulation tools: sed, the stream editor, and the awk scripting language.

The authors have retained the sections on nroff, troff, the macro packages and their preprocessors, as well as the chapters on SCCS and MAKE. All of the sections imported from the earlier versions have been reworked and improved. New to this edition is a section on the RCS utility, the Revision Control System. To some extent, the sections on SCCS and RCS complement one another, which makes them particularly helpful to those users who are used to one control system but are making the transition to another.

The section dealing with Program Debugging has changed significantly. In the previous edition, the two debuggers examined were sdb (symbolic debugger) and adb (absolute debugger). The current version has eliminated adb in favor of the dbx debugger, which is available only in Solaris 2.0. However, the authors have retained the information on the more popular sdb.

If you are familiar with the O'Reilly Nutshell Handbooks, you may be expecting a spiral-bound book. However, O'Reilly now uses the popular lay-flat bindings, which work quite well. I have tried opening my copy of the book to several different places and it hasn't transferred me to another section of the book (against my will) yet. It also fits a lot better on my bookshelf.

This book is the perfect desktop reference. It contains the most popular commands, Bourne, Korn, and C shell syntaxes, text formatting commands, instructions for the emacs, vi, and ex editors plus sections on sed, awk, and debugging tools. It doesn't take much space and could easily replace three to five books that currently occupy room on every UNIX programmer's desk. The authors have presented a clear and concisely written book which would make an excellent addition to any UNIX user's library.

Advanced Programming in the UNIX Environment
by W. Richard Stevens
Addison-Wesley Professional Computing Series

If Richard Stevens had wanted to be frivolous in naming this book, it could easily have been entitled Everything You Always Wanted to Know about UNIX, But Were Afraid to Ask. When I first approached his book, I thought that this was no ordinary book on advanced UNIX programming. Fortunately, I was right!

Stevens has written a book that covers the UNIX system call interface and the most important functions in the ANSI C library. In other words, he is providing additional understanding for those who want to know how programs operate when running under UNIX. As Stevens notes, these topics have traditionally been detailed in the UNIX Programmer's Manual. However, the manual neither addresses the reasoning behind these topics nor provides examples. This book does both.

The book is not for beginners, however; it assumes extensive C programming experience as well as some knowledge of UNIX. Although the first chapter seems like an introduction to UNIX, some UNIX conventions are either taken for granted or explained too briefly for a novice to comprehend. The first C program, a simple implementation of the UNIX ls command, appears on page 4.

After this brief introduction to UNIX, and before Stevens addresses file I/O or structure, he devotes a chapter to UNIX standardization plus different UNIX implementations and their relationship to one another. He then returns to a discussion of unbuffered I/O and a separate chapter on files and directories. In contrast to the chapter on unbuffered I/O, he presents a section on the standard I/O library followed by system data files and information. As Stevens develops this step-by-step process to understanding UNIX and its interface with C, he constantly refers to the issue of standardization, its strengths and its weaknesses.

Stevens also covers processes, more I/O, and interprocess communication. His treatment addresses the environment, process control, process relationships, and signals. Stevens examines the execution of a C program to determine the UNIX environment of this single process. His discussion of process control describes the relationships among different processes, whereas the section on process relationships emphasizes the connections among groups of processes. Covered under signals are software interrupts and their individual purposes, as well as a critique of earlier implementations of signals, where they were incorrect and why.

The next section of Advanced Programming in the UNIX Environment concerns terminal I/O, advanced I/O, and daemon processes. This section precedes that on IPC (interprocess communication), the means by which different processes exchange data or information. Many different types of IPC exist and, as might be expected, not all types apply to every system.

On the basis of the information provided in the first part of the book, Stevens next presents four examples that the reader can create: a database library, a PostScript printer driver, a modem dialer, and a program that uses a pseudo-terminal.

This is an excellent book. When I first examined the table of contents, I saw that it had something for everyone; as I read it, I saw that Stevens had done an extraordinary job. Not only does he describe and explain each topic, but he also shows its relationships to other subjects and why one idea's presentation must precede another's. Each chapter begins with an introduction and concludes with a summary followed by a set of exercises. The bibliography at the end of the book is very helpful and the answers to selected exercises will aid anyone endeavoring to really learn about the UNIX environment.

About the Author

Elizabeth Zinkann has been involved in the UNIX and C environments for the past 11 years. She is currently a UNIX and C consultant, and one of her specialities is UNIX education. In addition to her computer science background, she also has a degree in English. Elizabeth can be reached via CompuServe at 71603,2201 (Internet format: 71603.2201@compuserve.com), or via America Online (ezinkann@aol.com).