seed-capabilities.pdf

3. Enabling: A process can enable a capability that is temporarily disabled. A deleted capability cannot be enabled.

Without capabilities, a privileged Set-UID program can also delete/disable/enable its own privileges. This is done via the setuid() and seteuid() system calls; namely, a process can change its effective user id at run time. The granularity is quite coarse using these system calls, because you can either be the privileged user (e.g. root) or a non-privileged user. With capabilities, the privileges can be adjusted in a much finer fashion, because each capability can be independently adjusted.

To support dynamic capability adjustment, Linux uses a mechanism similar to the Set-UID mechanism, i.e., a process carries three capability sets: permitted (P), inheritable (I), and effective (E). The permitted set consists of the capabilities that the process is permitted to use; however, this set of capabilities might not be active. The effective set consists of those capabilities that the process can currently use (this is like the effective uid in the Set-UID mechanism). The effective set must always be a subset of the permitted set. The process can change the contents of the effective set at any time as long as the effective set does not exceed the permitted set. The inheritable set is used only for calculating the new capability sets after exec(), i.e., which capabilities can be inherited by the child processes.

When a process forks, the child's capability sets are copied from the parent. When a process executes a new program, its new capability sets are calculated according to the following formula:

    pI_new = pI
    pP_new = fP | (fI & pI)
    pE_new = pP_new   if fE = true
    pE_new = empty    if fE = false

A value ending with "new" indicates the newly calculated value. A value beginning with a p indicates a process capability. A value beginning with an f indicates a file capability.
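The following C program is an added illustration, not part of the lab text or of libcap: it models the three per-process sets (P, I, E) as bit masks and implements the fork and exec rules above, plus disable/enable/delete operations that respect the "E must not exceed P" invariant. The capability numbers are Linux's own (CAP_CHOWN = 0, CAP_NET_BIND_SERVICE = 10, CAP_NET_RAW = 13, CAP_SYS_ADMIN = 21); the scenario in main() is constructed to show why a capability listed in fI only survives exec when it is also in pI, and why a dropped capability cannot be re-enabled while a merely disabled one can.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Capability sets modelled as 64-bit masks: bit n = capability number n.
 * The numbers below are Linux's (from <linux/capability.h>); only the ones
 * the worked scenario needs are listed. */
typedef uint64_t capset_t;

enum {
    CAP_CHOWN            = 0,
    CAP_NET_BIND_SERVICE = 10,
    CAP_NET_RAW          = 13,
    CAP_SYS_ADMIN        = 21,
};

#define CAPBIT(n) ((capset_t)1 << (n))

struct proc_caps { capset_t permitted, inheritable, effective; };     /* pP, pI, pE */
struct file_caps { capset_t permitted, inheritable; bool effective; }; /* fP, fI, fE */

/* Invariant the kernel enforces: E is always a subset of P. */
bool caps_invariant_holds(const struct proc_caps *p)
{
    return (p->effective & ~p->permitted) == 0;
}

/* fork(): the child inherits copies of all three sets. */
struct proc_caps caps_after_fork(struct proc_caps parent)
{
    return parent;
}

/* exec(): the formula from the text.
 *   pI_new = pI
 *   pP_new = fP | (fI & pI)
 *   pE_new = pP_new if fE, else empty */
struct proc_caps caps_after_exec(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    n.inheritable = p.inheritable;
    n.permitted   = f.permitted | (f.inheritable & p.inheritable);
    n.effective   = f.effective ? n.permitted : 0;
    return n;
}

/* Disable: remove from E only; the capability stays in P and can be re-enabled. */
int caps_disable(struct proc_caps *p, int cap)
{
    p->effective &= ~CAPBIT(cap);
    return 0;
}

/* Enable: add to E, but only if it is still in P (E must not exceed P). */
int caps_enable(struct proc_caps *p, int cap)
{
    if (!(p->permitted & CAPBIT(cap)))
        return -1;                      /* deleted or never held: cannot enable */
    p->effective |= CAPBIT(cap);
    return 0;
}

/* Delete (drop): remove from both E and P; irreversible for this process. */
int caps_drop(struct proc_caps *p, int cap)
{
    p->effective &= ~CAPBIT(cap);
    p->permitted &= ~CAPBIT(cap);
    return 0;
}

static void show(const char *label, const struct proc_caps *p)
{
    printf("%-11s P=%#llx I=%#llx E=%#llx\n", label,
           (unsigned long long)p->permitted, (unsigned long long)p->inheritable,
           (unsigned long long)p->effective);
}

int main(void)
{
    /* Constructed scenario: a process whose inheritable set holds NET_RAW and CHOWN
     * executes a file carrying fP={NET_BIND_SERVICE}, fI={NET_RAW, SYS_ADMIN}, fE=true. */
    struct proc_caps p = { .permitted   = CAPBIT(CAP_CHOWN),
                           .inheritable = CAPBIT(CAP_NET_RAW) | CAPBIT(CAP_CHOWN),
                           .effective   = CAPBIT(CAP_CHOWN) };
    struct file_caps f = { .permitted   = CAPBIT(CAP_NET_BIND_SERVICE),
                           .inheritable = CAPBIT(CAP_NET_RAW) | CAPBIT(CAP_SYS_ADMIN),
                           .effective   = true };
    struct proc_caps n = caps_after_exec(caps_after_fork(p), f);
    show("after exec", &n);   /* SYS_ADMIN is absent: it was in fI but not in pI */

    caps_drop(&n, CAP_NET_RAW);
    show("after drop", &n);
    printf("re-enable NET_RAW: %d (deleted, so it fails)\n", caps_enable(&n, CAP_NET_RAW));

    caps_disable(&n, CAP_NET_BIND_SERVICE);
    printf("re-enable NET_BIND_SERVICE: %d (only disabled, so it succeeds)\n",
           caps_enable(&n, CAP_NET_BIND_SERVICE));
    return caps_invariant_holds(&n) ? 0 : 1;
}
```

The model intentionally leaves out the bounding set and the ambient set that newer kernels add to this calculation; the lab text describes only P, I and E, and the three operations map one-to-one onto the cap_disable/cap_enable/cap_drop helpers added to libcap later in the lab.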
To make it convenient for programs to disable/enable/delete their capabilities, please add the following three functions to libcap-2.16/libcap/cap_proc.c (libcap-2.16 is the directory created when you run 'tar xvf libcap-2.16.tar.gz' to extract the libcap package).
Laboratory for Computer Security Education

    /* These three functions go into libcap/cap_proc.c, which already includes
     * libcap's own header, so cap_t, cap_value_t, cap_get_proc(), cap_set_flag(),
     * cap_set_proc() and cap_free() are available without further includes. */

    /* Disable: clear the capability in the effective set only.
     * It stays in the permitted set, so cap_enable() can restore it later. */
    int cap_disable(cap_value_t capflag)
    {
        cap_t mycaps;
        int ret = -1;

        mycaps = cap_get_proc();      /* snapshot of the calling process's sets */
        if (mycaps == NULL)
            return -1;

        if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_CLEAR) == 0 &&
            cap_set_proc(mycaps) == 0)  /* push the modified sets back to the kernel */
            ret = 0;

        cap_free(mycaps);             /* release the handle allocated by cap_get_proc() */
        return ret;
    }

    /* Enable: set the capability in the effective set.
     * cap_set_proc() fails if the capability is not in the permitted set,
     * so a deleted capability cannot be enabled this way. */
    int cap_enable(cap_value_t capflag)
    {
        cap_t mycaps;
        int ret = -1;

        mycaps = cap_get_proc();
        if (mycaps == NULL)
            return -1;

        if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) == 0 &&
            cap_set_proc(mycaps) == 0)
            ret = 0;

        cap_free(mycaps);
        return ret;
    }

    /* Delete: clear the capability in both the effective and the permitted set.
     * Once it is gone from the permitted set the process can never get it back. */
    int cap_drop(cap_value_t capflag)
    {
        cap_t mycaps;
        int ret = -1;

        mycaps = cap_get_proc();
        if (mycaps == NULL)
            return -1;

        if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_CLEAR) == 0 &&
            cap_set_flag(mycaps, CAP_PERMITTED, 1, &capflag, CAP_CLEAR) == 0 &&
            cap_set_proc(mycaps) == 0)
            ret = 0;

        cap_free(mycaps);
        return ret;
    }

Run the following command to compile and install the updated libcap. After the library is installed, programs can use these three library functions that we have just added.