Notes - MCS
Identification, Authentication and Authorization
Linux Security Mechanisms

Capabilities

Protection mechanism introduced in Kernel 2.2.

Divide the traditional super-user privileges into distinct units.

  • Each unit can be independently enabled and disabled.

Capabilities are a per-thread attribute.

  • Copied to the child on fork.

  • Recomputed on exec, from the thread's own sets and the capabilities attached to the executed file.

List of capabilities

Examples (small sample …)

  • CAP_CHOWN

    • Make arbitrary changes to file UIDs and GIDs.

  • CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH

    • Bypass discretionary access control checks: CAP_DAC_OVERRIDE bypasses file read, write and execute permission checks; CAP_DAC_READ_SEARCH bypasses file read and directory read/search (traversal) checks.

  • CAP_KILL

    • Bypass permission checks for sending signals.

  • CAP_NET_ADMIN

    • Perform various network-related operations.

  • CAP_SYS_ADMIN

    • Overloaded general-purpose administration capability.

Capability management

Per-thread capabilities.

  • They define the privileges of the thread.

  • Divided into sets.

Sets.

  • Effective

  • Inheritable

  • Permitted

  • Bounding

  • Ambient
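The kernel exposes the five sets of a thread as 64-bit hexadecimal masks in /proc/<pid>/status (lines CapInh, CapPrm, CapEff, CapBnd, CapAmb), bit n standing for capability number n. As an added example (not part of the original notes), the following C program decodes those lines into capability names, the way capsh --decode does. The status text in main is constructed; the program additionally reads its own /proc/self/status when run on Linux.

```c
/* Added example (not from the original notes): decode the five per-thread
 * capability sets as the kernel reports them in /proc/<pid>/status
 * (CapInh, CapPrm, CapEff, CapBnd, CapAmb: one 64-bit hex mask each).
 * Bit n of a mask is capability number n from <linux/capability.h>. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Names indexed by capability number, CAP_CHOWN = 0 .. CAP_CHECKPOINT_RESTORE = 40. */
static const char *const cap_names[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
};
#define CAP_COUNT (sizeof cap_names / sizeof cap_names[0])

/* Parse one "Key:\t<hex>" status line. Returns 0 and stores the mask,
 * or -1 if the line does not carry that key. */
int parse_cap_line(const char *line, const char *key, uint64_t *mask)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != ':')
        return -1;
    *mask = strtoull(line + klen + 1, NULL, 16);
    return 0;
}

/* Render a mask as "cap_a,cap_b,..." (same spelling as capsh --decode).
 * Returns the number of capabilities set in the mask. */
int decode_caps(uint64_t mask, char *out, size_t outsz)
{
    int n = 0;
    out[0] = '\0';
    for (unsigned bit = 0; bit < 64; bit++) {
        if (!(mask & (UINT64_C(1) << bit)))
            continue;
        char name[40];
        if (bit < CAP_COUNT)
            snprintf(name, sizeof name, "%scap_%s", n ? "," : "", cap_names[bit]);
        else
            snprintf(name, sizeof name, "%scap_%u", n ? "," : "", bit); /* newer than this table */
        strncat(out, name, outsz - strlen(out) - 1);
        n++;
    }
    return n;
}

/* Print every capability set found in a status buffer. */
void report_status(const char *status)
{
    static const char *const keys[] = {"CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"};
    char names[2048];
    for (const char *line = status; *line; ) {
        for (size_t i = 0; i < 5; i++) {
            uint64_t mask;
            if (parse_cap_line(line, keys[i], &mask) == 0) {
                int n = decode_caps(mask, names, sizeof names);
                printf("%s %016" PRIx64 " (%d): %s\n", keys[i], mask, n, n ? names : "(none)");
            }
        }
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : line + strlen(line);
    }
}

int main(void)
{
    /* Constructed sample: a daemon that kept only cap_net_bind_service in
     * permitted/effective but still has the full 41-bit bounding set. */
    const char *sample =
        "Name:\tnginx\n"
        "CapInh:\t0000000000000000\n"
        "CapPrm:\t0000000000000400\n"
        "CapEff:\t0000000000000400\n"
        "CapBnd:\t000001ffffffffff\n"
        "CapAmb:\t0000000000000000\n";
    report_status(sample);

    FILE *f = fopen("/proc/self/status", "r");    /* live data when run on Linux */
    if (f) {
        char live[8192];
        size_t got = fread(live, 1, sizeof live - 1, f);
        live[got] = '\0';
        fclose(f);
        puts("--- this process ---");
        report_status(live);
    }
    return 0;
}
```

A full bounding set on a current kernel is 0x1ffffffffff (capabilities 0 to 40); older kernels report fewer bits, so a shorter mask is not by itself a sign of confinement, whereas a permitted set far smaller than the bounding set is.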

Thread capability sets

Effective

Set of capabilities used by the kernel to perform permission checks for the thread.

That is: these are the effective capabilities being used.

Inheritable

Set of capabilities preserved across an exec.

  • The set itself is carried unchanged into any program.

Are added to the permitted set only when executing a program whose file inheritable set has the corresponding bits set (the two sets are ANDed).

  • A capability that is merely inheritable, with no matching file inheritable bit and no ambient copy, is therefore absent from the permitted set after the exec.

Permitted

Limiting superset.

  • For the effective capabilities that the thread may assume.

  • For the capabilities that the thread may add to its inheritable set.

    • Except for threads w/ CAP_SETPCAP in their effective set, which may add any capability from their bounding set.

Once dropped from the permitted set, a capability can never be reacquired by the thread itself.

  • Except upon executing a set-UID-root program or a file whose file capabilities grant it.

Bounding

Set used to limit the capabilities that are gained during an exec.

  • From a file with capabilities set: only the file permitted bits also present in the bounding set are gained.

Was previously a system-wide attribute.

  • Per-thread attribute since Linux 2.6.25.

  • Capabilities can only be removed from it (prctl PR_CAPBSET_DROP, requires CAP_SETPCAP); the removal is irreversible and inherited by child processes.

Ambient

Set of capabilities that are preserved across an exec of an unprivileged program (Linux 4.3).

  • Not set-UID or set-GID.

  • No file capabilities set.

Executing a privileged program (set-UID, set-GID or with file capabilities) will clear the ambient set.

Ambient capabilities must be both permitted and inheritable.

  • One cannot preserve something one cannot have.

  • One cannot preserve something one cannot inherit.

  • Automatically lowered if either of the corresponding permitted or inheritable capabilities is lowered.

Ambient capabilities are added to the permitted set and assigned to the effective set upon an exec.
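The rules above for the inheritable, permitted, bounding and ambient sets combine at exec time into the transformation documented in capabilities(7): P'(ambient) is cleared for a privileged file, P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient), and P'(effective) is P'(permitted) if the file effective bit is set, else P'(ambient). As an added example (not part of the original notes), the C model below applies these rules to a thread holding cap_net_bind_service and shows the four cases the notes describe: an inheritable-only capability is lost on a plain exec, an ambient copy survives it, a file with capabilities clears the ambient set and grants only what the bounding set allows, and dropping a permitted capability lowers the ambient one. The model also checks the raise precondition of prctl(PR_CAP_AMBIENT). Simplifications made here (assumptions of this example, not of the kernel): a "privileged" file is one with set-UID/set-GID bits or file capabilities, and the UID 0 special case without SECBIT_NOROOT is not modelled.

```c
/* Added example (not from the original notes): a model of how the kernel
 * recomputes a thread's capability sets across execve(), following
 * capabilities(7):
 *   P'(ambient)   = privileged file ? 0 : P(ambient)
 *   P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient)
 *   P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
 *   P'(inheritable) and P'(bounding) are unchanged.
 * Assumption of this example: a "privileged" file has set-UID/set-GID bits or
 * file capabilities; the UID 0 special case (no SECBIT_NOROOT) is not modelled. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP(n) (UINT64_C(1) << (n))           /* bit n = capability number n */
#define CAP_NET_BIND_SERVICE CAP(10)
#define CAP_NET_RAW          CAP(13)
#define CAP_SYS_ADMIN        CAP(21)

struct thread_caps { uint64_t effective, inheritable, permitted, bounding, ambient; };

struct file_caps {                            /* security.capability xattr plus set-ID bits */
    uint64_t permitted, inheritable;
    bool effective;                           /* file effective bit */
    bool setid;                               /* set-UID or set-GID bit present */
};

static bool file_is_privileged(const struct file_caps *f)
{
    return f->setid || f->permitted || f->inheritable;
}

struct thread_caps exec_transform(struct thread_caps p, const struct file_caps *f)
{
    struct thread_caps n = p;                 /* inheritable and bounding carry over unchanged */
    n.ambient   = file_is_privileged(f) ? 0 : p.ambient;
    n.permitted = (p.inheritable & f->inheritable) | (f->permitted & p.bounding) | n.ambient;
    n.effective = f->effective ? n.permitted : n.ambient;
    return n;
}

/* prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap) precondition: the capability
 * must be in both the permitted and the inheritable set. false models EPERM. */
bool ambient_raise(struct thread_caps *p, uint64_t cap)
{
    if ((p->permitted & cap) != cap || (p->inheritable & cap) != cap)
        return false;
    p->ambient |= cap;
    return true;
}

/* Dropping from permitted: the kernel keeps effective within permitted and
 * ambient within permitted & inheritable, so both are lowered with it. */
void permitted_drop(struct thread_caps *p, uint64_t cap)
{
    p->permitted &= ~cap;
    p->effective &= p->permitted;
    p->ambient   &= p->permitted & p->inheritable;
}

static void show(const char *label, const struct thread_caps *p)
{
    printf("%-40s eff=%llx inh=%llx prm=%llx bnd=%llx amb=%llx\n", label,
           (unsigned long long)p->effective, (unsigned long long)p->inheritable,
           (unsigned long long)p->permitted, (unsigned long long)p->bounding,
           (unsigned long long)p->ambient);
}

int main(void)
{
    /* Constructed starting point: cap_net_bind_service in permitted and
     * inheritable (not effective), full bounding set, empty ambient set. */
    struct thread_caps t = { .inheritable = CAP_NET_BIND_SERVICE,
                             .permitted = CAP_NET_BIND_SERVICE, .bounding = ~UINT64_C(0) };
    struct file_caps plain = { 0 };                                        /* no caps, no set-ID */
    struct file_caps ping  = { .permitted = CAP_NET_RAW, .effective = true }; /* cap_net_raw=ep */

    show("start", &t);
    struct thread_caps a = exec_transform(t, &plain);
    show("exec plain, no ambient: capability lost", &a);
    ambient_raise(&t, CAP_NET_BIND_SERVICE);
    struct thread_caps b = exec_transform(t, &plain);
    show("exec plain, with ambient: kept, effective", &b);
    struct thread_caps c = exec_transform(t, &ping);
    show("exec cap_net_raw=ep: ambient cleared", &c);
    permitted_drop(&t, CAP_NET_BIND_SERVICE);
    show("after dropping permitted: ambient lowered", &t);
    return 0;
}
```

Running the model against the fourth rule on the page is the useful part: the only way an unprivileged helper inherits a capability across a plain exec is the ambient set, which is exactly what tools that run a confined service under a non-root user rely on.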
