INCS-620-deck5.pdf - INCS-620 Unix Security UNIX System I...

This preview shows page 1 - 8 out of 23 pages.

INCS-620 Unix Security
UNIX System

  • Originated in the late 60’s, early 70’s
  • Bell Labs: Ken Thompson, Dennis Ritchie, Douglas McIlroy
  • Multiuser Operating System
      • Enables protection from other users
      • Enables protection of system services from users
  • Simpler, faster approach than Multics

UNIX Security

  • Each user owns a set of files
      • Simple way to express who else can access
      • All user processes run as that user
  • The system owns a set of files
      • Root user is defined for system principal
      • Root can access anything
  • Users can invoke system services
      • Need to switch to root user (setuid)
  • Does UNIX enable configuration of “secure” systems?

UNIX Challenges

  • More about protection than security
      • Implicitly assumes non-malicious user and trusted system
  • Discretionary Access Control (DAC)
      • User or their processes may update permission assignments
      • Each program has all user’s rights
      • Must trust their processes to be non-malicious
  • File permission assignments
      • Assignment based on what is necessary for things to work
      • All your processes have all your rights
  • System services have full access
      • Users invoke setuid (root) procs that have all rights
      • Must trust system processes

UNIX Protection State

  • Subjects
      • Users
      • Groups
      • A process makes accesses on behalf of the corresponding user
  • Objects
      • Files
      • Directories
  • Operations
      • Read
      • Write
      • Execute

Subjects

  • Users
      • Username
      • User ID (UID)
  • Groups
  • Special User: root
  • Process
      • UID, GID
      • Real user ID
      • Effective user ID
      • FS user ID
      • Saved user ID

Groups

  • Users belong to one or more groups
  • Primary group: defined in /etc/passwd

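The protection state from the slides above (subjects, objects, operations) can be modelled as a small access-check function. This is an added example, not part of the original deck: the names `Subject`, `FileObject`, `dac_allows` and `chmod` are hypothetical, and it assumes the classic owner/group/other mode-bit check for a regular file, ignoring ACLs and capabilities and treating the effective UID as the identity used for file access.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 4, 2, 1  # bit values within one rwx triplet


@dataclass(frozen=True)
class Subject:
    euid: int        # effective UID of the process
    gids: frozenset  # effective GID plus supplementary groups


@dataclass
class FileObject:
    owner: int
    group: int
    mode: int        # e.g. 0o640


def dac_allows(subj, obj, op):
    """Classic UNIX mode-bit check for a regular file."""
    if subj.euid == 0:
        # root bypasses read/write checks; execute still needs some x bit set
        return op != EXECUTE or bool(obj.mode & 0o111)
    if subj.euid == obj.owner:
        triplet = (obj.mode >> 6) & 7  # owner class only, never falls through
    elif obj.group in subj.gids:
        triplet = (obj.mode >> 3) & 7  # group class only
    else:
        triplet = obj.mode & 7         # everyone else
    return bool(triplet & op)


def chmod(subj, obj, new_mode):
    """DAC: the owner (or root) may rewrite the permission assignment."""
    if subj.euid not in (0, obj.owner):
        raise PermissionError("only the owner or root may change the mode")
    obj.mode = new_mode & 0o7777


# Constructed sample subjects and file (UIDs/GIDs are made up)
alice = Subject(1000, frozenset({1000, 50}))
bob = Subject(1001, frozenset({1001, 50}))
eve = Subject(1002, frozenset({1002}))
root = Subject(0, frozenset({0}))
notes = FileObject(owner=1000, group=50, mode=0o640)
```

Because exactly one class is consulted, an owner can be denied access that "other" users have (mode 0o077), and any process running as the owner can widen the mode at will, which is the discretionary property the "UNIX Challenges" slide points at.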
  • Spring '18
  • Setuid

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern