2009-09-17

Chapter 38: Writing Secure Privileged Programs

Privileged programs have access to features and resources (files, devices, and so on) that are not available to ordinary users. A program can run with privileges by two general means:
  • The program was started under a privileged user ID. Many daemons and network servers, which are typically run as root, fall into this category.
  • The program has its set-user-ID or set-group-ID permission bit set. When a set-user-ID (set-group-ID) program is execed, it changes the effective user (group) ID of the process to be the same as the owner (group) of the program file.
If a privileged program contains bugs, or can be subverted by a malicious user, then the security of the system or an application can be compromised. From a security viewpoint, we should write programs so as to minimize both the chance of a compromise and the damage that can be done if a compromise does occur. These topics form the subject of this chapter.
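As an added example (not from the chapter or the book's own code), this C program shows how a program can detect that it was started through the set-user-ID mechanism described above and, once it no longer needs the extra privilege, drop back to the real user's IDs irreversibly and verify the drop. It assumes Linux's setresuid()/setresgid() and setgroups() calls.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the effective user ID differs from the real user ID,
 * which is exactly what a set-user-ID program sees right after exec. */
int running_set_user_id(void)
{
    return getuid() != geteuid();
}

/* Permanently give up privileges: set real, effective and saved IDs to the
 * real user's IDs. Groups go first (an unprivileged user could not change
 * them afterwards), then the user IDs; finally read the IDs back to confirm
 * the saved IDs changed too. Returns 0 on success, -1 on failure. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    uid_t r, e, s;
    gid_t gr, ge, gs;
    /* Supplementary groups can only be cleared while still privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1)
        return -1;
    if (setresgid(rgid, rgid, rgid) == -1)
        return -1;
    if (setresuid(ruid, ruid, ruid) == -1)
        return -1;

    /* Never trust the calls alone: verify all three IDs actually changed. */
    if (getresuid(&r, &e, &s) == -1 || r != ruid || e != ruid || s != ruid)
        return -1;
    if (getresgid(&gr, &ge, &gs) == -1 || gr != rgid || ge != rgid || gs != rgid)
        return -1;
    return 0;
}

int main(void)
{
    printf("set-user-ID in effect: %s\n", running_set_user_id() ? "yes" : "no");
    if (drop_privileges_permanently() == -1) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    printf("now running as uid %ld, euid %ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Run unprivileged, the drop is a no-op that still succeeds; installed set-user-ID, the second line shows the effective ID has fallen back to the real user.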

38 Writing Secure Privileged Programs
38.1 A Checklist for Secure Programming
38.2 Summary
38.3 Exercises
