84 \item overwriting operating system facilities, like |
84 \item overwriting operating system facilities, like |
85 process scheduling and memory management |
85 process scheduling and memory management |
86 \end{itemize} |
86 \end{itemize} |
87 |
87 |
88 \noindent This will typically involve quite a lot of |
88 \noindent This will typically involve quite a lot of |
89 programs on a Unix system. I counted 87 programs with the |
89 programs on a Unix system. I counted 95 programs with the |
90 setuid attribute set on my bog-standard MacOSX system |
90 setuid attribute set on my bog-standard MacOSX system |
91 (including the program \pcode{/usr/bin/login}). |
91 (including the program \pcode{/usr/bin/login}). |
92 The problem is that if there is a security problem with |
92 The problem is that if there is a security problem with |
93 one of them, then malicious users (or outside attackers) |
93 one of them, then malicious users (or outside attackers) |
94 can gain root access. |
94 can gain root access. |
95 |
95 |
|
96 The main rule for files that have the setuid attribute set is |
|
97 that when running such files they will run not with the |
|
98 callers access rights, but with the owner of the files rights. |
|
99 So \pcode{/usr/bin/login} will always be running with root |
|
100 access rights, no matter who invokes this program. |
|
101 |
96 \subsubsection*{Secrecy and Integrity} |
102 \subsubsection*{Secrecy and Integrity} |
97 |
103 |
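Review bot: in the added paragraph at new lines 96-100, the conclusion that \pcode{/usr/bin/login} always runs with root access rights follows from the stated rule only if that file is owned by root, which the text never says. Suggest adding "which is owned by root" after the program name at new line 99. The possessives in new lines 98 also need fixing: "the caller's access rights" and "the rights of the file's owner". For the count at line 89, which changes from 87 to 95, it would help readers reproduce the figure if the text said how the setuid programs were counted.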
|
104 |
|
105 |
|
106 \subsubsection*{Further Information} |
|
107 |
|
108 If you want to know more about the intricacies of the |
|
109 ``simple'' Unix access control system you might find the |
|
110 relatively readable paper about ``Setuid Demystified'' |
|
111 useful. |
|
112 |
|
113 \begin{center}\small |
|
114 \url{http://www.cs.umd.edu/~jkatz/TEACHING/comp_sec_F04/downloads/setuid.pdf} |
|
115 \end{center} |
98 |
116 |
99 |
117 |
100 \end{document} |
118 \end{document} |
101 |
119 |
102 %%% Local Variables: |
120 %%% Local Variables: |
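Review bot: the new Further Information subsection at new lines 106-115 is placed directly after the \subsubsection*{Secrecy and Integrity} heading at new line 102, which still has no body, so the typeset notes will show an empty section followed immediately by the reading pointer. Either fill in that section in this change or hold the heading back until it is written. The reference itself is given only as a bare \url into a course download directory; adding the paper's authors and venue next to the title would keep the pointer usable if the link moves.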