Secure Programming for Linux and Unix by David A. Wheeler

Author: David A. Wheeler
Language: eng
Format: mobi
Publisher: UNKNOWN
Published: 2018-06-17T23:00:00+00:00


7.4.3. Minimize the Time the Privilege is Active

Use setuid(2), seteuid(2), setgroups(2), and related functions to ensure that the program only has these privileges active when necessary, and then temporarily deactivate the privilege when it’s not in use. As noted above, you might want to ensure that these privileges are disabled while parsing user input, but more generally, only turn on privileges when they’re actually needed.

Note that some buffer overflow attacks, if successful, can force a program to run arbitrary code, and that code could re-enable privileges that were temporarily dropped. Thus, there are many attacks that temporarily deactivating a privilege won’t counter; it’s always much better to completely drop privileges as soon as possible. There are many papers that describe how injected code can re-enable such privileges, such as "Designing Shellcode Demystified". Some people even claim that “seteuid() [is] considered harmful” because of the many attacks it doesn’t counter. Still, temporarily deactivating these privileges prevents a whole class of attacks, such as techniques to convince a program to write into a file that it didn’t intend to write into. Since this technique prevents many attacks, it’s worth doing if permanently dropping the privilege can’t be done at that point in the program.
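As an added example (not code from the book), here is a C sketch of both approaches for a set-user-ID program: temporarily deactivating the privilege around a step that handles user input, and the permanent drop the text prefers where it is possible. The function names and the colon-counting "parser" are constructed for illustration; setresuid/setresgid are Linux and BSD extensions, not POSIX.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>
int setresuid(uid_t, uid_t, uid_t);  /* Linux/BSD prototype, in case _GNU_SOURCE did not take effect */
int setresgid(gid_t, gid_t, gid_t);

/* Temporarily deactivate: set the effective uid to the real (invoking) uid;
 * the saved set-user-ID keeps the privilege so it can be restored. Check the
 * return value AND re-read the id: a silent failure would leave us privileged. */
static int privilege_deactivate(void) {
    uid_t ruid = getuid();
    return (seteuid(ruid) == 0 && geteuid() == ruid) ? 0 : -1;
}

/* Re-activate the saved privilege for a short critical section only. */
static int privilege_activate(uid_t priv_uid) {
    return (seteuid(priv_uid) == 0 && geteuid() == priv_uid) ? 0 : -1;
}

/* Run one step (e.g. parsing user input) with the privilege deactivated,
 * then restore it. Returns the step's result, or -1 if an id change fails. */
static int run_deprivileged(int (*step)(const char *), const char *arg) {
    uid_t priv_uid = geteuid();            /* what to restore afterwards */
    if (privilege_deactivate() != 0)
        return -1;
    int rc = step(arg);
    if (privilege_activate(priv_uid) != 0)
        return -1;
    return rc;
}

/* Constructed sample step: "parse" untrusted input by counting ':' fields. */
static int count_fields(const char *s) {
    int n = 1;
    for (; *s; s++) if (*s == ':') n++;
    return n;
}

/* Permanent drop, preferred once the privilege is no longer needed anywhere:
 * groups first, then gid, then all three uids, then verify root cannot be
 * regained. Returns 0 on success, -1 on failure. */
static int privilege_drop_permanently(uid_t ruid, gid_t rgid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;    /* the drop did not stick */
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}
```

Run as an ordinary user the id changes are no-ops that still succeed, so the same code can be exercised without installing it set-user-ID; the verification after each call is what makes a failed change visible instead of silently leaving the privilege active.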


