Firewall Wizards mailing list archives
Re: Ports and privileges
From: mcnabb () argus-systems com (Paul McNabb)
Date: Wed, 25 Feb 1998 09:12:17 -0600
   From: tqbf () secnet com
   Date: Tue, 24 Feb 1998 19:00:50 -0600 (CST)

   > The separation of "root" into multiple small privileges is exactly
   > what is done on many of the trusted operating systems. When using
   > one of these systems as your webserver or firewall base, you avoid
   > many of the problems experienced with less secure operating systems.

   Of course, this only works with a kernel audit; many of the privileges
   that are currently guarded with, say, suser() in 4.4BSD, are equivalent
   to root, and not always in obvious ways. Not that dividing up root is a
   bad thing (quite the opposite!), just that it's trickier than it seems
   to do it with maximal effectiveness.

The way I've seen it done on several different systems is that everywhere in the kernel where there is a call to suser(), plus in new places that never did any kind of check before, you replace suser() with a new call that passes in some kind of flag indicating what privilege is required at this point. The newsuser() routine verifies that the process has the required privilege, but doesn't use the UID in the check. Some systems actually use a mix of UID and other attributes in making the decision.

Yes, this does require a thorough kernel audit and a lot of expertise to make sure that the changes are really consistent and do not allow anyone to "sneak around the back fence" to use an apparently benign privilege to do something really nasty. These are issues that are addressed in the government certification processes.

paul
---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com     Savoy, IL 61874 USA
TEL 217-355-6308                FAX 217-355-1433
                  "Securing the Future"
---------------------------------------------------------
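The suser() replacement described in the message above, modelled in user space as an added example; it is not code from the post or from any of the systems it mentions. The privilege bits, the struct proc layout and all function names here are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical privilege bits (illustrative names, not from a real kernel). */
#define PRIV_NET_BINDLOW (1u << 0) /* bind ports below 1024 */
#define PRIV_FS_MOUNT    (1u << 1) /* mount filesystems */

struct proc {
    unsigned uid;   /* effective UID */
    uint32_t privs; /* privilege set carried by the process */
};

/* Old-style check: every guarded operation hinges on UID 0. */
static int suser_old(const struct proc *p) {
    return p->uid == 0 ? 0 : EPERM;
}

/* Replacement: the call site names the privilege it needs; UID is ignored. */
static int priv_check(const struct proc *p, uint32_t required) {
    return (p->privs & required) == required ? 0 : EPERM;
}

/* The same call site before conversion... */
static int bind_port_old(const struct proc *p, unsigned port) {
    return (port < 1024 && suser_old(p) != 0) ? EACCES : 0;
}

/* ...and after: only the low-port privilege is consulted. */
static int bind_port_new(const struct proc *p, unsigned port) {
    return (port < 1024 && priv_check(p, PRIV_NET_BINDLOW) != 0) ? EACCES : 0;
}

/* A different call site asks for a different privilege. */
static int mount_new(const struct proc *p) {
    return priv_check(p, PRIV_FS_MOUNT);
}

int main(void) {
    /* Constructed sample processes. */
    struct proc httpd = { .uid = 80, .privs = PRIV_NET_BINDLOW };
    struct proc root0 = { .uid = 0, .privs = 0 };
    printf("httpd bind 80: old=%d new=%d, mount new=%d\n",
           bind_port_old(&httpd, 80), bind_port_new(&httpd, 80), mount_new(&httpd));
    printf("uid 0 without privs, bind 80: old=%d new=%d\n",
           bind_port_old(&root0, 80), bind_port_new(&root0, 80));
    return 0;
}
```

The sketch shows the mechanism only; whether a given privilege is in effect equivalent to root is the audit question raised in the quoted reply.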