CE441: Data and Network Security
Permissions in Linux and Windows

Behnam Momeni, PhD

Department of Computer Engineering
Sharif University of Technology

Fall 2019

B. Momeni (Sharif Univ. of Tech.) CE441: Data and Network Security Fall 2019 1 / 34

Source: ce.sharif.edu/~b_momeni/ce441/06-perms-lin-win.pdf (2019-10-20)

Outline

1 Access Control in Linux
    Group-Based Access Control
    Access Control Lists and Capabilities
    Compartmentalization & The Legend of SETUID

2 Access Control in Windows

Linux Group-Based Access Control

Each user is identified by a 32-bit number → uid
Each group is identified by a 32-bit number → gid
Each user has
    a primary group
    and a list of supplementary groups
Each file/directory is owned by one user and one group
The file owner can set the file's permissions
Permissions are specified for three categories of subjects
    the user who owns the file
    members of the group which owns the file
    others
The root user with uid=0 has unrestricted access (more precisely, root's
processes normally hold capabilities such as CAP_DAC_OVERRIDE that bypass
these checks; see the capabilities slides below)

File Permissions

A directory is a special kind of file

    $ ll /bin/bash /usr/
    -rwxr-xr-x   1 root root 903464 Apr 30 13:43 /bin/bash*
    /usr/:
    drwxr-xr-x   9 root root   4096 Sep 15 07:25 ./
    drwxr-xr-x  18 root root   4096 Dec 27  2018 ../
    drwxr-xr-x   6 root root 135168 Sep 15 07:25 bin/
    drwxr-xr-x 252 root root 241664 Sep 15 07:25 lib/
    lrwxrwxrwx   1 root root      3 Dec  6  2018 lib64 -> lib/
    ...

-rwxr-xr-x → starts with the file type: d for directory, - for regular file, l for symbolic link, ...
...followed by the permissions of the three categories of subjects
    rwx → the owner user has read/write/execute permission
    r-x → group members have read/execute permission
    r-x → others have read/execute permission
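The owner/group/other rule above, as an added example that is not part of the original slides: a C model of the check with constructed users and files. The `subject`/`object` structures, `dac_permission()` and the sample uids, gids and modes are assumptions for illustration; the CAP_DAC_OVERRIDE behaviour it encodes is the kernel's documented rule (read/write always bypassed, execute on a regular file only if some x bit exists), not something the slides state.

```c
/* Added example (not from the slides): a user-space model of the
 * owner/group/other check Linux performs for a file access. Subject and
 * object layouts, and the users/files in main(), are constructed here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define R_BIT 4
#define W_BIT 2
#define X_BIT 1

struct subject {
    uint32_t uid;
    uint32_t gid;            /* primary group */
    const uint32_t *sgids;   /* supplementary groups */
    int nsgids;
    bool cap_dac_override;   /* what really makes uid 0 "unrestricted" */
};

struct object {
    uint32_t owner_uid;
    uint32_t owner_gid;
    unsigned mode;           /* the nine rwx bits, e.g. 0750 */
    bool is_dir;
};

static bool in_group(const struct subject *s, uint32_t gid)
{
    if (s->gid == gid)
        return true;
    for (int i = 0; i < s->nsgids; i++)
        if (s->sgids[i] == gid)
            return true;
    return false;
}

/* Exactly one class applies: owner, else group, else other. A more
 * permissive "later" class never rescues the caller (a 0477 file is
 * read-only for its owner while everyone else may write it). */
static unsigned class_bits(const struct subject *s, const struct object *o)
{
    if (s->uid == o->owner_uid)
        return (o->mode >> 6) & 7;
    if (in_group(s, o->owner_gid))
        return (o->mode >> 3) & 7;
    return o->mode & 7;
}

/* want is a mask of R_BIT | W_BIT | X_BIT; returns true if all are granted. */
bool dac_permission(const struct subject *s, const struct object *o, unsigned want)
{
    if ((class_bits(s, o) & want) == want)
        return true;
    if (!s->cap_dac_override)
        return false;
    /* CAP_DAC_OVERRIDE bypasses read/write checks and directory search, but
     * a regular file is executable only if at least one x bit is set at all. */
    if (!(want & X_BIT) || o->is_dir)
        return true;
    return (o->mode & 0111) != 0;
}

int main(void)
{
    const uint32_t ali_groups[] = { 100 };              /* ali is also in gid 100 (dev) */
    struct subject ali  = { 1000, 1000, ali_groups, 1, false };
    struct subject root = { 0, 0, NULL, 0, true };
    struct object shared = { 2000, 100, 0750, false };  /* -rwxr-x--- bob dev */
    struct object secret = { 2000, 2000, 0600, false }; /* -rw------- bob bob */

    printf("ali  reads  shared: %d\n", dac_permission(&ali, &shared, R_BIT));
    printf("ali  writes shared: %d\n", dac_permission(&ali, &shared, W_BIT));
    printf("root reads  secret: %d\n", dac_permission(&root, &secret, R_BIT));
    printf("root execs  secret: %d\n", dac_permission(&root, &secret, X_BIT));
    return 0;
}
```

The point worth keeping from the model: membership is decided once, in owner/group/other order, so a file owner who is also in the group gets the owner bits only, and root's "unrestricted" access is a capability that still refuses to execute a file with no x bit anywhere.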

Process Authentication and Authorization

When a process is created, it inherits the uid of its parent process
    this uid identifies the user who owns the process
A process with uid=0 has unrestricted privileges
    it can change its own uid, or fork/exec processes with new IDs
    this is how the login functionality is implemented
    the system boots by running /sbin/init with uid=0
After authentication, the user can run a process with her uid
    delegating her tasks to the process...
    ...which will be authorized to access files
    according to the Group-Based Access Control (GBAC)

1 Access Control in Linux: Access Control Lists and Capabilities

GBAC Limitations

Each file is associated with just one user and one group
    it is impossible to specify permissions for other users...
    ...or for other groups one by one
Only three categories of subjects (d rwx r-x r-x)
Alternate Access Method
    shown by an extra plus sign → d rwx r-x r-x +
    implements alternative access control methods
    e.g. an access control list


ACL in Linux

The file system should be mounted with the acl option
    the default on recent systems
Read more details in [manpage:getfacl] and [manpage:setfacl]

    $ setfacl -m "u:user:permissions" <file/dir>
    $ setfacl -m "g:group:permissions" <file/dir>
    $ setfacl -m "other:permissions" <file/dir>
    $ setfacl -x "entry" <file/dir>
    $ setfacl -m "u:ali:rwx" testfile
    $ getfacl tmp
    # file: tmp
    # owner: root
    # group: root
    # flags: --t
    user::rwx
    group::rwx
    other::rwx

Named user/group entries are capped by the ACL mask entry (mask::), which
setfacl recalculates unless -n is given; getfacl marks capped entries with
an #effective: comment, so check that output rather than the entry alone

Thread and File Capabilities in Linux

It is possible to assign permissions to processes
Each administrative right is represented by one capability
Traditional root privileges can be distributed as capabilities
Read more details in [manpage:getcap], [manpage:setcap], and [manpage:capabilities]

    $ getcap /usr/bin/ping
    /usr/bin/ping = cap_net_raw+ep
    $ setcap cap_net_raw+ep filename

+ep means the capability is in the file's permitted and effective sets, so
ping can open raw sockets without being set-user-ID root

ACL vs Capabilities (slide by John Mitchell)

[Figure: under an ACL, processes P, Q and R all run as user U and are
indistinguishable to the access check; under capabilities each process
carries its own list, e.g. P holds c, d, e; Q holds c, e; R holds c]

Borrowed from [40442-971:05-secure-architecture.pdf], page 34

Thread and File Capabilities in Linux – Details

File capabilities: Permitted, Inheritable, Effective (a single bit)
Thread capabilities: Permitted, Inheritable, Effective, Bounding, Ambient

On execve, the thread's new sets (P') are computed from its old sets (P)
and the file's sets (F):

    P'(ambient)     = (file is privileged) ? 0 : P(ambient)
    P'(permitted)   = (P(inheritable) & F(inheritable))
                      | (F(permitted) & P(bounding))
                      | P'(ambient)
    P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)
    P'(inheritable) = P(inheritable)   [i.e., unchanged]
    P'(bounding)    = P(bounding)      [i.e., unchanged]

A file is privileged if it carries file capabilities or has a
set-user-ID/set-group-ID bit
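The transition formulas above, carried out as an added C example that is not part of the slides: `exec_caps()` applies them to bitmask capability sets. The struct layouts, function names and the sample sets are constructed for illustration; the CAP_* bit numbers are the Linux values, and the uid-0 special case of capabilities(7) (a set-user-ID-root binary run without SECBIT_NOROOT is treated as if its file sets were all-ones) is deliberately left out of the model.

```c
/* Added example (not from the slides): a bitmask model of how execve()
 * derives a thread's new capability sets from its old sets and the file's
 * capability sets, following the formulas in capabilities(7). The uid-0
 * special case is not modelled. Sample sets in main() are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset_t;
#define CAP(n)        ((capset_t)1 << (n))
#define CAP_NET_ADMIN CAP(12)          /* Linux bit numbers */
#define CAP_NET_RAW   CAP(13)
#define CAP_ALL       (~(capset_t)0)

struct thread_caps { capset_t permitted, inheritable, effective, bounding, ambient; };
struct file_caps   { capset_t permitted, inheritable; bool effective; bool present; };

/* A file is privileged if it carries file capabilities or is set-UID/GID. */
static bool file_is_privileged(const struct file_caps *f, bool setuid_or_setgid)
{
    return f->present || setuid_or_setgid;
}

/* P' for the new program image, given P (caller) and F (file). */
struct thread_caps exec_caps(const struct thread_caps *P, const struct file_caps *F,
                             bool setuid_or_setgid)
{
    struct thread_caps N;
    N.ambient     = file_is_privileged(F, setuid_or_setgid) ? 0 : P->ambient;
    N.permitted   = (P->inheritable & F->inheritable)
                  | (F->permitted & P->bounding)
                  | N.ambient;
    N.effective   = F->effective ? N.permitted : N.ambient;
    N.inheritable = P->inheritable;    /* unchanged */
    N.bounding    = P->bounding;       /* unchanged */
    return N;
}

int main(void)
{
    struct thread_caps shell = { .bounding = CAP_ALL };   /* ordinary unprivileged shell */
    struct file_caps ping = { .permitted = CAP_NET_RAW, .effective = true, .present = true };
    struct thread_caps after = exec_caps(&shell, &ping, false);
    printf("ping: permitted=%#llx effective=%#llx\n",
           (unsigned long long)after.permitted, (unsigned long long)after.effective);
    return 0;
}
```

Two consequences fall out of the formulas and are checked below: a bounding set that lacks CAP_NET_RAW (as in a restricted container) silently strips the file capability, so `ping` with `cap_net_raw+ep` gains nothing there; and ambient capabilities survive an exec of a plain binary but are cleared the moment a privileged file is executed.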

1 Access Control in Linux: Compartmentalization & The Legend of SETUID

Limitations of a Coarse-Grained ACL

Normally, a program executes with the privileges of its calling process (user)
    e.g. when you run ls, it has enough privileges to list your home folder
    contents, but not necessarily enough privileges to list your friend's home folder
What if your friend wants to share a file with you?
    chmod and allow others to access it
    setfacl and allow your user specifically
But you will either have access to that file or no access at all
What if only a limited set of changes is acceptable?
    e.g. users are allowed to change their own passwords
        stored in /etc/shadow
    ...but they are not allowed to change the passwords of other users
        stored in the same /etc/shadow file

Compartmentalization and Least Privilege

Fine-grained access control can be implemented as a program
    users of that program have no privilege on the target files
    but the process itself has complete access
    the logic of that process provides users with the fine-grained access they need
Requirement: the privileges of the process must differ from those of the user who created it
How?
    the set-User-ID bit asks the OS to start the process with the privileges
    of the file's owner instead of the user executing the file
    similarly, the set-Group-ID bit causes the file's group to be used instead
    of the primary group of the user who created the process


File Permission Flags

    chmod 6644 file      → -rwSr-Sr--

    6 = set-User-ID (4) + set-Group-ID (2); 644 = rw- r-- r--
    user:  rw- → can read/write but cannot execute
    group: r-- → can read but cannot write/execute
    other: r-- → can read but cannot write/execute

Set-User-ID
    on files: run as the file's owner user
Set-Group-ID
    on files: run as the file's group
    on folders: new files are created with the folder's group
Sticky Bit
    for a folder's contents: only the folder's owner or the file's owner
    can rename/remove them (e.g. /tmp)
s without x → S, t without x → T


Real, Effective, and Saved UIDs

When a process starts, it is assigned a set of UIDs
    Real UID: who started this process?
    Effective UID: with which permissions is this process running now?
    Saved UID: the effective UID this process started running with (kept so it can be restored later)
Usually, these UIDs are all the same...
    ...and equal to the UID of the user who started it
    that is, the UID of the process which forked and execved it
When a Set-User-ID program is execved, it starts with the UID of the file's owner
    the Real UID stays the same as that of the process which called execve
    the Saved UID is set to the UID of the file's owner
    the Effective UID is set to the Saved UID, but can be changed later
The Set-Group-ID bit affects the GIDs similarly
Read more details in [manpage:credentials]


seteuid and setuid

[Figure: seteuid moves the Effective UID between the Real UID and the Saved UID]

setuid acts similarly to seteuid, with special handling for root
    when the Effective UID changes from zero to non-zero...
    ...the Saved UID and Real UID are updated too
    (precisely: for a privileged caller, euid 0 or CAP_SETUID, setuid sets all three UIDs)
It is impossible to regain the root privileges after setuid
Read more details in [manpage:seteuid] and [manpage:setuid]


setreuid and setresuid

setreuid allows the Real UID and Effective UID to be changed together
    passing -1 for a UID keeps it unchanged
    if the Real UID is changed, or the Effective UID is set to anything except the previous Real UID
        the new Effective UID is used for the Saved UID too
    so setreuid lets the Effective UID switch between the current Real UID and Saved UID, like seteuid...
    ...or updates both the Real UID and the Saved UID
setresuid takes three parameters and updates all three UIDs
    ...or keeps a UID unchanged if -1 is passed for it
Read more details in [manpage:setreuid] and [manpage:setresuid]

Privileged vs Unprivileged Processes and SETUID

Privileged process: has Effective UID zero, or CAP_SETUID in its effective capability set
    can change its UIDs arbitrarily
Unprivileged process: all other processes
    can only select from the current values of the Effective UID, Real UID,
    and Saved UID when calling seteuid, setresuid, etc.

Vulnerabilities in Set-User-ID Programs

Environment variables (hidden program inputs)
    e.g. system("cp /etc/config /tmp/")
    first /bin/sh is executed by system...
    ...sh searches $PATH to find cp...
    ...cp is executed to copy the config file
    an adversary can hijack cp by placing a malicious cp in the current
    directory and running
        export PATH=".:$PATH"
    even when using absolute paths, take care of symbolic links!
Library loading
    LD_LIBRARY_PATH is ignored and LD_PRELOAD is heavily restricted by the
    dynamic loader when it runs a set-user-ID binary (secure-execution mode;
    see [manpage:ld.so])
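The PATH hijack and library-loading points above, as an added C example that is not part of the slides: the vulnerable `system()` form beside a launcher that passes an absolute program path, no shell, and a fixed environment so that the caller's PATH and LD_* variables never reach the child. Function names, the file names and the environment contents are assumptions for illustration.

```c
/* Added example (not from the slides): the system("cp ...") pattern beside
 * a launcher that removes the hidden inputs a set-user-ID program inherits.
 * File names and the fixed environment are constructed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable form from the slide: /bin/sh resolves "cp" through the
 * caller's PATH, so PATH=.:$PATH plus a ./cp in the working directory
 * hijacks it with the set-user-ID program's privileges. */
int copy_config_insecure(void)
{
    return system("cp /etc/config /tmp/");
}

/* Hardened launcher: absolute program path (no PATH lookup), no shell (no
 * word splitting), and an explicit minimal environment, so PATH, LD_*,
 * IFS and anything else the caller exported is never seen by the child.
 * Returns the child's exit status, 127 if exec failed, -1 on error. */
int run_clean(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);
        _exit(127);                         /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The same copy, done through the hardened launcher. */
int copy_config_hardened(const char *src, const char *dst)
{
    char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
    return run_clean("/bin/cp", argv);
}

int main(void)
{
    char *const show[] = { "sh", "-c", "echo child PATH=$PATH LD_PRELOAD=$LD_PRELOAD", NULL };
    return run_clean("/bin/sh", show);
}
```

The launcher only closes the environment hole; the symbolic-link caveat from the slide still applies to `/etc/config` and `/tmp/`, and a real set-user-ID program should additionally drop privileges before running anything it does not need root for.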

CVE-2019-14287: Authorization Bypass in sudo

    // src/exec.c (just the related lines are shown...)
    void exec_cmnd(struct command_details *details, int errfd)
    {
        if (exec_setup(details) == true) {
            sudo_execve(details->execfd, details->command, details->argv,
                        details->envp, ISSET(details->flags, CD_NOEXEC));
        }
    }

    static bool exec_setup(struct command_details *details)
    {
        if (setresuid(details->uid, details->euid, details->euid) != 0) {
            sudo_warn(U_("unable to change to runas uid (%u, %u)"),
                      (unsigned int)details->uid, (unsigned int)details->euid);
            goto done;
        }
    }
    // What if the user is authorized to
    // ...run commands as ALL users but root?

A sudoers rule such as (ALL, !root) rejects a target uid of 0, but a target
of -1 (4294967295) passes that check, and because -1 means "leave unchanged"
to setresuid, the command keeps running with effective uid 0

Ref: https://www.sudo.ws/alerts/minus_1_uid.html
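The UID rules from the seteuid/setuid, setreuid/setresuid and privileged/unprivileged slides, together with the setresuid() pattern in the sudo excerpt above, as one added C example that is not part of the slides or of sudo: a user-space model of the four calls, and a constructed stand-in, `sim_sudo_runas()`, for a (ALL, !root) policy check followed by exec_setup()'s call. The `creds` struct, function names and uid values are assumptions for illustration; the rules themselves follow setuid(2), seteuid(2), setreuid(2) and setresuid(2).

```c
/* Added example (not from the slides or sudo): a user-space model of the
 * real/effective/saved UID rules for privileged and unprivileged callers,
 * plus the setresuid(uid, euid, euid) pattern behind CVE-2019-14287.
 * sim_sudo_runas() is a constructed stand-in for the sudoers policy. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t uid_sim;
#define UID_UNCHANGED ((uid_sim)-1)      /* the -1 that setres*uid treats as "keep" */

struct creds { uid_sim ruid, euid, suid; bool cap_setuid; };

static bool privileged(const struct creds *c) { return c->euid == 0 || c->cap_setuid; }

static bool is_current(const struct creds *c, uid_sim u)
{
    return u == c->ruid || u == c->euid || u == c->suid;
}

/* setresuid(2): -1 keeps a field; an unprivileged caller may only pick
 * values that are already one of its three UIDs. Returns 0 or -1 (EPERM). */
int sim_setresuid(struct creds *c, uid_sim r, uid_sim e, uid_sim s)
{
    if (!privileged(c) &&
        ((r != UID_UNCHANGED && !is_current(c, r)) ||
         (e != UID_UNCHANGED && !is_current(c, e)) ||
         (s != UID_UNCHANGED && !is_current(c, s))))
        return -1;
    if (r != UID_UNCHANGED) c->ruid = r;
    if (e != UID_UNCHANGED) c->euid = e;
    if (s != UID_UNCHANGED) c->suid = s;
    return 0;
}

/* seteuid(2): only the effective UID moves (between real and saved for
 * unprivileged callers). */
int sim_seteuid(struct creds *c, uid_sim e)
{
    return sim_setresuid(c, UID_UNCHANGED, e, UID_UNCHANGED);
}

/* setuid(2): a privileged caller sets all three UIDs, which is why root
 * cannot come back after setuid(nonzero); an unprivileged caller may only
 * set the effective UID to the real or saved UID. */
int sim_setuid(struct creds *c, uid_sim u)
{
    if (privileged(c))
        return sim_setresuid(c, u, u, u);
    if (u != c->ruid && u != c->suid)
        return -1;
    c->euid = u;
    return 0;
}

/* setreuid(2): if the real UID is set, or the effective UID is set to
 * something other than the previous real UID, the saved UID follows. */
int sim_setreuid(struct creds *c, uid_sim r, uid_sim e)
{
    uid_sim old_ruid = c->ruid;
    if (!privileged(c)) {
        if (r != UID_UNCHANGED && r != c->ruid && r != c->euid) return -1;
        if (e != UID_UNCHANGED && !is_current(c, e)) return -1;
    }
    if (r != UID_UNCHANGED) c->ruid = r;
    if (e != UID_UNCHANGED) c->euid = e;
    if (r != UID_UNCHANGED || (e != UID_UNCHANGED && e != old_ruid))
        c->suid = c->euid;
    return 0;
}

/* Constructed (ALL, !root) policy followed by sudo's setresuid() call.
 * Returns the euid the command would actually run with, or -1 if refused. */
long sim_sudo_runas(struct creds *sudo_proc, uid_sim target)
{
    if (target == 0)                        /* the policy rejects root only */
        return -1;
    if (sim_setresuid(sudo_proc, target, target, target) != 0)
        return -1;
    return (long)sudo_proc->euid;
}

int main(void)
{
    struct creds a = { 1000, 0, 0, false };   /* set-user-ID-root sudo started by uid 1000 */
    struct creds b = { 1000, 0, 0, false };
    printf("sudo -u#33: command runs as euid %ld\n", sim_sudo_runas(&a, 33));
    printf("sudo -u#-1: command runs as euid %ld\n", sim_sudo_runas(&b, UID_UNCHANGED));
    return 0;
}
```

The fix sudo shipped was to treat -1 (and 4294967295) as an invalid target uid before the policy is consulted; in the model, a target of `UID_UNCHANGED` passes the "not root" test and `sim_setresuid` dutifully changes nothing, which is exactly the advisory's outcome.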

TOCTTOU Vulnerabilities

Time Of Check To Time Of Use
    the file system might change in between
e.g. a script starts with a shebang
    #!/usr/bin/env python3
    the shebang determines the interpreter to be executed
    the interpreter then opens the script by path to read and interpret it
What if the script file is replaced after the kernel has read the shebang and
started the interpreter with Set-User-ID privileges, but before the
interpreter opens the script to run it?
    this is why there is no Set-User-ID for scripts in Linux: the kernel
    ignores the set-User-ID/set-Group-ID bits on interpreted files
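The check-then-use race above, as an added C example that is not part of the slides: a racy stat()-then-open() beside an open(O_NOFOLLOW)-then-fstat() version, run against a temporary directory that `make_fixture()` constructs (a regular file and a symbolic link to it). Function names and the fixture layout are assumptions for illustration; the race window is real code in a set-user-ID program that names the same path twice.

```c
/* Added example (not from the slides): the stat()/open() race beside an
 * fd-based alternative. make_fixture() builds a constructed directory with
 * "real" (regular file) and "link" -> real so the difference can be seen. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy form: the path is resolved twice. Between stat() and open() the
 * directory owner can replace "path" with a symlink to /etc/shadow and the
 * check will have validated a file that is no longer the one opened. */
int open_if_regular_racy(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return open(path, O_RDONLY);            /* may now be a different object */
}

/* Safer form: open once, refusing a symlink as the final component, then
 * inspect the object the fd actually refers to. Every later decision is
 * made on the fd, so there is nothing left to race. */
int open_if_regular_safe(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                          /* errno == ELOOP for a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: <dir>/real and <dir>/link -> real. */
bool make_fixture(char *dir, size_t dirsz)
{
    char tmpl[] = "/tmp/tocttou-XXXXXX";
    if (mkdtemp(tmpl) == NULL || strlen(tmpl) + 1 > dirsz)
        return false;
    strcpy(dir, tmpl);
    char real[128], lnk[128];
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return false;
    close(fd);
    return symlink("real", lnk) == 0;
}

void remove_fixture(const char *dir)
{
    char p[128];
    snprintf(p, sizeof p, "%s/link", dir); unlink(p);
    snprintf(p, sizeof p, "%s/real", dir); unlink(p);
    rmdir(dir);
}

int main(void)
{
    char dir[64], lnk[128];
    if (!make_fixture(dir, sizeof dir))
        return 1;
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int racy = open_if_regular_racy(lnk);
    int safe = open_if_regular_safe(lnk);
    printf("symlink: racy open -> fd %d, safe open -> %d (%s)\n",
           racy, safe, safe < 0 ? strerror(errno) : "ok");
    if (racy >= 0) close(racy);
    remove_fixture(dir);
    return 0;
}
```

The racy version follows the link and reports success, the safe version fails with ELOOP; in a real program the remaining checks (ownership, mode, "is this the file I expect") should likewise be made on `st` from `fstat()` and the data then read from the same `fd`.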

Qmail design (slide by John Mitchell)

• Isolation based on OS isolation
    – Separate modules run as separate "users"
    – Each user only has access to specific resources
• Least privilege
    – Minimal privileges for each UID
    – Only one "setuid" program
        • setuid allows a program to run as different users
    – Only one "root" program
        • root program has all privileges

Borrowed from [40442-971:05-secure-architecture.pdf], page 15

The Example Architecture of qmail

[Figure: the qmail module/UID architecture; Ref: [hafiz2004qmail]]

2 Access Control in Windows: Access Control Lists, Tokens, and Security Descriptors

Users and Groups in Windows

Similar to Linux, each user is identified by a User SID...
    ...and each user can be a member of one or more groups
Each group also has an identifier: a Group SID
But a Security Identifier (SID) differs from Linux UIDs
    variable length (not a simple number)
    there are SIDs for generic users/groups which are shared by all Windows systems
        S-1-0:   Null Authority
        S-1-0-0: Nobody
        S-1-1:   World Authority
        S-1-1-0: Everyone (a group SID), which excludes anonymous users
        S-1-2:   Local Authority
    Read more details in https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
The username might change, but its SID remains unchanged

Security Tokens

A kernel data structure holding the SIDs (and privileges) of a process
A process uses its token to pass through ACL checks
Two types of tokens
    Primary Token: obtained by logging in
        similar to the audit UID (loginuid) in Linux, which is fixed at login
    Impersonation Token: can be delegated; grants part of a user's access
    temporarily to a process/service so that it can act on behalf of its users

Impersonation Tokens (compare to setuid) (slide by John Mitchell)

• Process adopts security attributes of another
    – Client passes impersonation token to server
• Client specifies impersonation level of server
    – Anonymous
        • Token has no information about the client
    – Identification
        • Obtain the SIDs of client and client's privileges, but server cannot impersonate the client
    – Impersonation
        • Impersonate the client on the local system
    – Delegation
        • Lets server impersonate client on local, remote systems

Borrowed from [40442-971:05-secure-architecture.pdf], page 55


John Mitchell

Object has security descriptor

• Specifies who can perform what actions on the object
  – Header (revision number, control flags, …)
  – SID of the object's owner
  – SID of the primary group of the object
  – Two attached optional lists:
    • Discretionary Access Control List (DACL): users, groups, …
    • System Access Control List (SACL): system logs, …

Borrowed from [40442-971:05-secure-architecture.pdf], page 53


John Mitchell

Example access request

Access token
  User: Mark
  Group1: Administrators
  Group2: Writers

Security descriptor
  Revision Number
  Control flags
  Owner SID
  Group SID
  DACL Pointer: Deny Writers Read, Write; Allow Mark Read, Write
  SACL Pointer

Access request: write
Action: denied

• User Mark requests write permission
• Descriptor denies permission to group
• Reference Monitor denies request (DACL for access, SACL for audit and logging)

Priority (highest first): Explicit Deny, Explicit Allow, Inherited Deny, Inherited Allow

Borrowed from [40442-971:05-secure-architecture.pdf], page 54
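Putting the security descriptor slide and the access request above together, here is an added example (not code from the slides, and not how Windows itself is implemented) of a simplified reference monitor: a token for Mark, a DACL holding the two ACEs shown, and a check that applies the slide's priority order. SIDs, access-mask bits and the ACE/Token shapes are constructed placeholders.

```python
# Added example (not from the lecture slides): a simplified reference monitor
# that checks an access token against a security descriptor's DACL in the
# priority order the slide lists (explicit deny, explicit allow, inherited
# deny, inherited allow), reproducing the denied "Mark writes" request.
from collections import namedtuple

READ, WRITE = 0x1, 0x2   # access-mask bits (constructed, not Windows' FILE_* values)
# kind is "allow" or "deny"; sid is the trustee; mask holds the rights covered;
# inherited marks an ACE propagated from the parent container.
ACE = namedtuple("ACE", "kind sid mask inherited")
Token = namedtuple("Token", "user groups")

def canonical_order(dacl):
    """Arrange ACEs in canonical order: explicit deny, explicit allow,
    inherited deny, inherited allow (the slide's priority list)."""
    rank = {(False, "deny"): 0, (False, "allow"): 1,
            (True, "deny"): 2, (True, "allow"): 3}
    return sorted(dacl, key=lambda ace: rank[(ace.inherited, ace.kind)])

def check_access(token, dacl, requested):
    """Walk the DACL until every requested right is granted or one is denied.
    No DACL at all (None) grants everything; an empty DACL grants nothing."""
    if dacl is None:
        return True
    sids = {token.user} | set(token.groups)   # every SID the token carries
    granted = 0
    for ace in canonical_order(dacl):
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & requested:
            return False            # a deny on any requested right ends the check
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:
                return True         # all requested rights accumulated
    return False                    # nothing matched: default deny

# Constructed SIDs standing in for the slide's Mark, Administrators and Writers.
MARK, ADMINS, WRITERS = "S-1-5-21-EXAMPLE-1001", "S-1-5-21-EXAMPLE-544", "S-1-5-21-EXAMPLE-2001"
mark = Token(user=MARK, groups=[ADMINS, WRITERS])
# Windows expects a DACL stored in canonical order; the allow is listed first
# here so that canonical_order() visibly restores the deny-first evaluation.
descriptor_dacl = [ACE("allow", MARK, READ | WRITE, inherited=False),
                   ACE("deny", WRITERS, READ | WRITE, inherited=False)]

def slide_request():
    """Mark requests write: the Writers deny outranks his explicit allow."""
    return check_access(mark, descriptor_dacl, WRITE)
```

Removing Mark from the Writers group, or requesting a right the deny ACE does not cover, flips the result; an allow that covers only some of the requested bits still ends in denial.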


John Mitchell

Weakness in isolation, privileges

• Similar problems to Unix
  – E.g., rootkits leveraging dynamically loaded kernel modules
• Windows Registry
  – Global hierarchical database to store data for all programs
  – Registry entry can be associated with a security context that limits access; common to be able to write sensitive entry
• Enabled By Default
  – Historically, many Windows deployments also came with full permissions and functionality enabled

Borrowed from [40442-971:05-secure-architecture.pdf], page 56


References and Further Reading: Bibliography

References and Further Reading (1/3)

[40442-971:05-secure-architecture.pdf] Mehdi Kharrazi, “CE 442/Computer and Network Security – Lecture 5 – Secure Architecture Principles,” Sharif University of Technology, Online: http://sharif.edu/~kharrazi/courses/40442-971/05-secure-architecture.pdf, 2018

[cis643:setuid.pdf] Wenliang (Kevin) Du, “CIS/CSE 643: Computer Security – Set-UID Privileged Programs – Lecture Notes,” Syracuse University, Online: www.cis.syr.edu/~wedu/Teaching/cis643/LectureNotes_New/Set_UID.pdf, 2014

[hafiz2004qmail] Munawar Hafiz, Ralph Johnson, and Raja Afandi, “The security architecture of qmail,” Proceedings of the 11th Conference on Patterns Language of Programming (PLoP04), Online: https://hillside.net/plop/2004/papers/mhafiz1/PLoP2004_mhafiz1_0.pdf, 2004


References and Further Reading (2/3)

[manpage:getfacl] Michael Kerrisk, “getfacl(1) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man1/getfacl.1.html, 2019

[manpage:setfacl] Michael Kerrisk, “setfacl(1) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man1/setfacl.1.html, 2019

[manpage:getcap] Michael Kerrisk, “getcap(8) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man8/getcap.8.html, 2019

[manpage:setcap] Michael Kerrisk, “setcap(8) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man8/setcap.8.html, 2019

[manpage:capabilities] Michael Kerrisk, “capabilities(7) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man7/capabilities.7.html, 2019


References and Further Reading (3/3)

[manpage:credentials] Michael Kerrisk, “credentials(7) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man7/credentials.7.html, 2019

[manpage:seteuid] Michael Kerrisk, “seteuid(2) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man2/seteuid.2.html, 2019

[manpage:setuid] Michael Kerrisk, “setuid(2) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man2/setuid.2.html, 2019

[manpage:setreuid] Michael Kerrisk, “setreuid(2) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man2/setreuid.2.html, 2019

[manpage:setresuid] Michael Kerrisk, “setresuid(2) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man2/setresuid.2.html, 2019

[manpage:execve] Michael Kerrisk, “execve(2) – Linux manual page,” Linux Programmer’s Manual, Online: http://man7.org/linux/man-pages/man2/execve.2.html, 2019