Implementing a Secure Setuid Program

T. Shinagawa and K. Kono (Japan)


Security, Operating System, Fine-grained Protection Domain


Setuid programs are often exploited by malicious attackers to obtain unauthorized access to local systems. Setuid programs, especially those owned by the root user, are granted root privileges, allowing attackers to gain root privileges by exploiting vulnerabilities in setuid-root programs. The vulnerabilities usually lie in code that does not require root privileges. Nevertheless, the entire code of a setuid-root program is granted root privileges. This paper presents a scheme called privileged code minimization that reduces the risk to setuid programs. In this scheme, setuid-root programs are divided into privileged code and non-privileged code. Privileged code is granted root privileges, while non-privileged code is not. This scheme reduces the size of the trusted computing base (TCB) because it reduces the code running with root privileges, reducing the chances of attackers gaining root privileges by subverting setuid programs. Protection between privileged code and non-privileged code is enforced by fine-grained protection domains: a novel protection mechanism of the operating system proposed by the authors.
