Linux Capabilities & Set-UID Vulnerability
- Annabel Newton
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and/or modify this document under a license compliant with the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit

Linux Capabilities & Set-UID Vulnerability
BLOSSOM
Manchester Metropolitan University (Funded by Higher Education Academy)
l.han@mmu.ac.uk
1. Learning Objectives

The objective is to explore and understand Linux capabilities and Set-UID vulnerabilities.

2. Preparation

1) Under Linux environment
2) Some documents that you may need to refer to:
   Virtual-MachineGuide.pdf
   Linux-Guide.pdf
   BLOSSOM-UserGuide.pdf

3. Tasks

Setup & Installation:

1: Start two virtual machines as you have done with previous exercises (see Virtual Machine Guide):

    # kvm -cdrom /var/tmp/blossomfiles/blossom-0.98.iso -m 512 -net nic,macaddr=52:54:00:12:34:57 -net vde -name node-one
    # kvm -cdrom /var/tmp/blossomfiles/blossom-0.98.iso -m 512 -net nic,macaddr=52:54:00:12:34:58 -net vde -name node-two
Task 1 Linux Capabilities

1.1 Linux has multiple ways in which access control can be maintained in order to assign appropriate levels of privilege to certain applications and commands. Libcap is one of the methods in which this can be performed.

1.2 First of all, a small file system must be created on the virtual machine, as capabilities can't be applied to certain types of file system such as the one the virtual machine is running on. The following commands perform this task:

    # dd if=/dev/zero of=disk.img bs=16k count=16
    # mke2fs disk.img
    # mkdir mnt
    # mount -o loop disk.img mnt

This creates the disk image in an acceptable file system format and mounts it to a directory. Commands whose capabilities we will change must first be copied to this directory in the following way:

    # cp -a /bin/ping mnt

1.3 With the file system created and the ping command copied into the mounted directory, we can change the capabilities of the ping command. Ping is a Set-UID program: when a normal user runs it, the process temporarily runs with the privileges of a more powerful user, such as root. If an attacker can compromise the program, this gives them a route to root privilege. The Set-UID privilege must be removed from the ping command stored in the mounted directory:

    # chmod u-s mnt/ping

This should prevent a normal user from using the ping command. Test it by opening a terminal with root access and attempting to run the following command:

    $ mnt/ping

An error should appear stating that the operation is not permitted.

1.4 In order to allow a normal user to use ping, but without providing ping with too much power, we can set a specific capability on it. The basic reason for ping not working without Set-UID or root permission is that ping needs to open a RAW socket in order to work. The following command will set the capability for opening a RAW socket without providing actual root access:

    # setcap cap_net_raw=ep mnt/ping

Now try running the command mnt/ping as a normal user and notice that you can now access the command without gaining root privilege.

Question/Task: Do the exact same thing to another command that requires root access, such as passwd. What capabilities do you need to apply to passwd in order to make it usable by a normal user without gaining root privilege?

Task 2 Set-UID Program Vulnerability

2.1 Set-UID is a set of access right flags in the UNIX operating system that allows users to run an executable with the permissions of the executable's owner or group respectively. This function can easily be exploited to provide a normal user with unwarranted privileges if countermeasures are not in place. Open up a text editor and create a script that performs a task that would require root access, such as apt-get commands, and then save it as 'something.sh':

    #!/bin/sh
    apt-get install <PACKAGE>

Above is an example of a script, where <PACKAGE> is the name of any package. This is purely for demonstrative purposes. In a root terminal, now use the following set of commands to provide set-uid functionality to the script:

    # chown root:root something.sh
    # chmod 4755 something.sh

Now, if we attempt to run the script in a non-root terminal, we will still be confronted with an error stating that we are not root, because the Linux kernel ignores the set-UID bit on interpreted scripts; however, this can be circumvented by making use of a simple C based program.

2.2 Open up another text editor and create this C program:

    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>

    int main(void)
    {
        /* The binary is set-UID root, so the effective UID is already 0;
           setuid(0) then sets the real and saved UIDs to 0 as well. */
        setuid(0);
        /* system() passes the path to /bin/sh, which runs the script as root. */
        system("/home/user/something.sh");
        return 0;
    }

NOTE: The "system" line may be different depending on the user, based on where the file "something.sh" was created.

Save the program as 'runscript.c', and then use gcc to compile it, changing the permissions to the same as what we set the script 'something.sh' to earlier:

    # gcc runscript.c -o runscript
    # chown root:root runscript
    # chmod 4755 runscript

Question/Task: Execute 'runscript' and observe the result.
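The effect of the setcap step in Task 1.4 can be observed from inside a process. The following is an added example, not part of the lab handout: it reads the effective capability set from /proc/self/status and tries the raw-socket operation that ping depends on. The function names are assumptions made for this example; bit 13 is the value of CAP_NET_RAW in <linux/capability.h>.

```c
/* Added example: report whether the current process holds CAP_NET_RAW
 * and whether it can open the raw ICMP socket that ping needs. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* Parse one line of /proc/<pid>/status such as "CapEff:\t0000000000002000".
 * Returns 0 and stores the mask if the line is the requested field. */
int parse_cap_line(const char *line, const char *field, unsigned long long *mask)
{
    size_t n = strlen(field);
    char *end;
    unsigned long long v;

    if (strncmp(line, field, n) != 0 || line[n] != ':')
        return -1;
    errno = 0;
    v = strtoull(line + n + 1, &end, 16); /* skips the tab, reads hex digits */
    if (errno != 0 || end == line + n + 1)
        return -1;                        /* no hex digits found */
    *mask = v;
    return 0;
}

/* Returns 1 if capability number cap is set in mask, otherwise 0. */
int mask_has_cap(unsigned long long mask, int cap)
{
    return cap >= 0 && cap < 64 && ((mask >> cap) & 1ULL);
}

/* Read one capability set ("CapEff", "CapPrm", ...) of the calling process. */
int read_own_caps(const char *field, unsigned long long *mask)
{
    char line[256];
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (parse_cap_line(line, field, mask) == 0) {
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* Try the operation ping needs. Returns 1 if the kernel allows it. */
int can_open_raw_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

int main(void)
{
    unsigned long long eff = 0;

    if (read_own_caps("CapEff", &eff) != 0) {
        fprintf(stderr, "could not read CapEff from /proc/self/status\n");
        return 1;
    }
    printf("euid=%d CapEff=%016llx CAP_NET_RAW=%s raw socket=%s\n",
           (int)geteuid(), eff,
           mask_has_cap(eff, CAP_NET_RAW_BIT) ? "yes" : "no",
           can_open_raw_socket() ? "allowed" : "denied");
    return 0;
}
```

Compiled and copied into mnt, the program reports a denied raw socket for a normal user; after `setcap cap_net_raw=ep` on the copy, it reports the socket as allowed while euid remains the normal user's ID.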