Notes - MCS
Secure Execution Environments
Security in Operating Systems

Privilege elevation

Set-UID mechanism

The Set-UID mechanism changes the UID of a process that executes a program stored in a file with the Set-UID bit set.

  • If a program file is owned by UID X and the Set-UID bit is set in its ACL, then the program is executed in a process with UID X.

    • This holds independently of the UID of the subject that executed the program.

It is used to allow normal users to execute privileged tasks that are encapsulated in administration programs, for example:

  • Change the user’s password (passwd)

  • Change to super-user mode (su, sudo)

  • Mount devices (mount)

Effective UID / Real UID

  • Real UID is the UID of the process creator.

    • That is, the application launcher.

  • Effective UID is the UID under which the process currently runs.

    • This is the one that matters for defining the rights of the process.

UID change

  • Ordinary application.

    • eUID = rUID = UID of the process that called exec

    • eUID cannot be changed (unless it is 0)

  • Set-UID application.

    • eUID = UID of executed application file, rUID = initial process UID

    • eUID can revert to rUID

  • rUID cannot change.

Set-UID/Set-GID decision flowchart

exec(path, …)

  • Does the file referred to by path have Set-UID?

    • Yes.

      • ID = path owner.

      • Change the process effective UID to ID.

    • No.

      • Do nothing.

  • Does the file referred to by path have Set-GID?

    • Yes

      • ID = path GID.

      • Change only the process effective GID to ID.

    • No.

      • Do nothing.

sudo mechanism

Administration by root is not advised.

  • One “identity”, many people.

  • Who did what?

Preferable approach:

  • An administration role (uid = 0) that many users can assume.

    • The sudoers.

    • Defined in the configuration file used by sudo.

sudo is a Set-UID application with UID = 0.

  • Logging can take place for each command run with sudo.
