Linux login

Not an OS kernel operation

A privileged login application presents an interface for getting users’ credentials.

  • A username/password pair.

  • Biometric data.

  • Smartcard and activation PIN.

The login application validates the credentials and fetches the appropriate UID and GIDs for the user.

  • And starts an initial user application on a process with those identifiers.

    • In a Linux console, this application is a shell (sh, bash, csh, tcsh, zsh, etc.)

  • When this process ends the login application reappears.

Thereafter all processes created by the user carry those identifiers.

  • Inherited through fork(), and kept across exec() (unless the executable is set-UID/set-GID).

From login to session processes

The login process must be a privileged process (it runs as root).

  • It has to switch to arbitrary UID and GIDs (setgroups, setgid, setuid) before starting the user's first process.

    • The ones of the entity logging in; an unprivileged process may not change its identifiers that way.

Password validation process

The username is used to fetch a UID/GID pair from /etc/passwd.

  • And a set of additional GIDs in the /etc/group file.

The supplied password is transformed using a salted, deliberately slow password hash (crypt(3), e.g. SHA-512-crypt or yescrypt).

  • The method used for new accounts is configurable (ENCRYPT_METHOD in /etc/login.defs).

  • The method identifier and the salt are stored along with the hash, as $id$salt$hash (e.g. $6$ for SHA-512-crypt).

The result is checked against a value stored in /etc/shadow.

  • Indexed again by the username.

  • If they match, the user was correctly authenticated.
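The two preceding slides (lookup of the UID/GID in /etc/passwd and of the extra GIDs in /etc/group, comparison of the hashed password against /etc/shadow, then the switch to the user's identifiers) as one worked example. This is added illustration, not code from the page or from any real login program. The records are constructed; the hash scheme ($pb$, PBKDF2-HMAC-SHA256 from hashlib) is a stand-in for crypt(3)'s $6$ SHA-512 scheme, chosen because the Python crypt module is no longer in the standard library. The $id$salt$hash field layout, the locked-account convention and the comparison logic are the same.

```python
import hashlib
import hmac
import os

# Constructed sample records in passwd(5) / group(5) layout (not a real system).
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
GROUP = """root:x:0:
alice:x:1000:
wheel:x:10:alice
docker:x:999:alice,bob
"""

ROUNDS = 100_000  # assumed work factor for the stand-in scheme


def hash_password(password, salt, rounds=ROUNDS):
    """Build a shadow-style field '$pb$<rounds>$<salt>$<hex>'.
    '$pb$' is an identifier invented for this example; real crypt(3) fields
    look like '$6$rounds=N$salt$hash' (SHA-512) but follow the same layout."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), rounds)
    return f"$pb${rounds}${salt}${dk.hex()}"


# Constructed shadow(5) records; 'bob' is locked ('!' in the hash field).
SHADOW = "\n".join([
    "root:" + hash_password("r00t-pw", "NaClsalt1") + ":19000:0:99999:7:::",
    "alice:" + hash_password("correct horse", "pepper42") + ":19000:0:99999:7:::",
    "bob:!:19000:0:99999:7:::",
])


def lookup_passwd(text, username):
    """Return (uid, gid, shell) for username, or None if there is no such account."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == username:
            return int(fields[2]), int(fields[3]), fields[6]
    return None


def supplementary_gids(text, username):
    """Return the sorted GIDs of every group whose member list names username."""
    gids = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and username in [m for m in fields[3].split(",") if m]:
            gids.append(int(fields[2]))
    return sorted(gids)


def verify_password(shadow_text, username, password):
    """Re-hash the candidate with the stored id/rounds/salt and compare in constant time."""
    stored = None
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == username:
            stored = fields[1]
            break
    # Unknown user, or a locked/disabled account ('!' or '*'): never matches.
    if stored is None or not stored.startswith("$pb$"):
        return False
    _, _ident, rounds, salt, _digest = stored.split("$")
    candidate = hash_password(password, salt, int(rounds))
    return hmac.compare_digest(candidate, stored)


def authenticate(username, password):
    """The login sequence: check the password, then fetch the identifiers to run as."""
    if not verify_password(SHADOW, username, password):
        return None
    uid, gid, shell = lookup_passwd(PASSWD, username)
    return uid, gid, supplementary_gids(GROUP, username), shell


def drop_privileges(uid, gid, groups):
    """What the root login process does just before exec'ing the user's shell.
    Order matters: supplementary groups and GID first, UID last, because once the
    UID is unprivileged the process can no longer change the other identifiers."""
    os.setgroups(groups)
    os.setgid(gid)
    os.setuid(uid)


if __name__ == "__main__":
    result = authenticate("alice", "correct horse")
    if result is None:
        print("Login incorrect")
    else:
        uid, gid, groups, shell = result
        print(f"uid={uid} gid={gid} groups={groups} shell={shell}")
        # Running as root, login would now call drop_privileges(uid, gid, groups)
        # and os.execv(shell, [shell]); both need root, so they are not run here.
```

The constant-time comparison is deliberate: comparing the candidate hash with `==` would let an attacker who can time the login program learn how many leading bytes of the hash match. It also shows why locked accounts are encoded with a leading `!` or `*` rather than an empty field: the field can never parse as a valid `$id$salt$hash`, so no password can match.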

File protections

  • /etc/passwd and /etc/group can be read by anyone.

    • This is fundamental, for instance, for listing directories (why?)

  • /etc/shadow can only be read by root.

    • Protection against offline dictionary attacks on the stored password hashes.
