13. Granting privileged actions

Task: allow user to perform an action that lies off standard user permissions:

Setuid/Setgid

Simple examples:

SETGID directory traversal

This is SETGID directory traversal example

Find all setgid binaries: find /*bin /usr/*bin -perm -2000 -ls

Su/Sudo

Su/sudo ar just setuid wrappers, still allowing certain user to run certain command.

Policy kit

Polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications.

polkit-architecture.png

See more on Arch linux page

Hardening and mandatory access mechanisms

Note: all these mechanisms are mechanisms of restriction, not of allowance

SELinux

SELinux is a security enhancement to Linux which allows users and administrators more control over access control.

AppArmor

AppArmor is Mandatory Access Control (MAC) like security system for Linux. AppArmor confines individual programs to a set of files, capabilities, network access and rlimits, collectively known as the AppArmor policy for the program, or simply as a profile. New or modified policy can be applied to the running system without a reboot.

SMACK, SRBAC, …


  1. Setgid bit here means all the files created under the directory will belong to the auth group; you may skip it, it's irrelevant (1)

HSE/ArchitectureOS/13_GrantingActions (last edited 2020-07-02 15:52:30 by FrBrGeorge)