Practical techniques to obviate setuid-to-root binaries

Jain, Bhushan; Tsai, Chia-Che; John, Jitin; Porter, Donald E.

doi:10.1145/2592798.2592811

Cited by 11 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several approaches [11,17,28] have investigated the status of setuid system calls and identified their semantic inconsistency. This problem occurred with human errors because they were insufficiently documented and poorly designed.…”

Section: Related Workmentioning

confidence: 99%

PoLPer

Jeon

Rhee

Kim

et al. 2019

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

setuid system calls enable critical functions such as user authentications and modular privileged components. Such operations must only be executed after careful validation. However, current systems do not perform rigorous checks, allowing exploitation of privileges through memory corruption vulnerabilities in privileged programs. As a solution, understanding which setuid system calls can be invoked in what context of a process allows precise enforcement of least privileges. We propose a novel comprehensive method to systematically extract and enforce least privilege of setuid system calls to prevent misuse. Our approach learns the required process contexts of setuid system calls along multiple dimensions: process hierarchy, call stack, and parameter in a process-aware way. Every setuid system call is then restricted to the per-process context by our kernel-level context enforcer. Previous approaches without process-awareness are too coarse-grained to control setuid system calls, resulting in over-privilege. Our method reduces available privileges even for identical code depending on whether it is run by a parent or a child process. We present our prototype called PoLPer which systematically discovers only required setuid system calls and effectively prevents real-world exploits targeting vulnerabilities of the setuid family of system calls in popular desktop and server software at near zero overhead. CCS CONCEPTS • Security and privacy → Systems security; Software and application security;

show abstract

Section: Related Workmentioning

confidence: 99%

PoLPer

Jeon

Rhee

Kim

et al. 2019

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…In other words, the same vulnerability described earlier exists for all applications involved with authentication such as login and su. By the way, the same problem exists in project Protego [7], which spares no effort to deprivilege privileged codes.…”

Section: Related Workmentioning

confidence: 99%

Thin Hypervisor-Based User Authentication Mechanism for Linux Security Modules

Bin¹,

Zhao²,

Ma³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. LSM (Linux Security Modules) has been developed as a lightweight, general purpose, access control framework for the mainstream Linux kernel, many tools employ LSM to implement mandatory access control of processes. However, when administrators intend to employ LSM to control a user's behavior instead of just a process's, things become more complicated. Since a user's behavior is reflected by a variety of processes, the control of a user turns into the control of processes associated with the user, which needs the ability to match up a process's identity to a particular user. Unfortunately, without a strong user authentication mechanism, malicious users can easily bypass the behavior control framework by juggling the identity of a process. In this paper, a practical, efficient, secure mechanism, namely RTA (Real-Time Authentication) is proposed to add real-time user authentication support for traditional LSM. The proposed mechanism employs the ID management framework in a thin hypervisor, BitVisor. At last, a new security module called EWL (Executable White List) is designed and implemented based on RTA and LSM, the experimental results show that EWL ensures security and has small system overhead.

show abstract

“…Debian packages have been analyzed to study the evolution of the software itself [29,37,45], to measure the popularity of application programming languages [10], to analyze dependencies between the packages [23], to identify trends in package sizes [12], the number of developers involved in developing and maintaining a package [44], and estimating the cost of development [11]. Jain et al used popularity contest survey data to prioritize the implementation effort for new system security policies [33]. This study is unique in using this information to infer the relative importance of of system APIs to end users, based on frequency of application installation.…”

Section: Related Workmentioning

confidence: 99%

A study of modern Linux API usage and compatibility

Tsai

Jain

Abdul

et al. 2016

Proceedings of the Eleventh European Conference on Computer Systems

Self Cite

View full text Add to dashboard Cite

This paper presents a study of Linux API usage across all applications and libraries in the Ubuntu Linux 15.04 distribution. We propose metrics for reasoning about the importance of various system APIs, including system calls, pseudo-files, and libc functions. Our metrics are designed for evaluating the relative maturity of a prototype system or compatibility layer, and this paper focuses on compatibility with Linux applications. This study uses a combination of static analysis to understand API usage and survey data to weight the relative importance of applications to end users. This paper yields several insights for developers and researchers, which are useful for assessing the complexity and security of Linux APIs. For example, every Ubuntu installation requires 224 system calls, 208 ioctl, fcntl, and prctl codes and hundreds of pseudo files. For each API type, a significant number of APIs are rarely used, if ever. Moreover, several security-relevant API changes, such as replacing access with faccessat, have met with slow adoption. Finally, hundreds of libc interfaces are effectively unused, yielding opportunities to improve security and efficiency by restructuring libc.

show abstract

Practical techniques to obviate setuid-to-root binaries

Cited by 11 publications

References 10 publications

PoLPer

PoLPer

Thin Hypervisor-Based User Authentication Mechanism for Linux Security Modules

A study of modern Linux API usage and compatibility

Contact Info

Product

Resources

About