Changing User and Group ID’s

    Presentation Transcript
    1. Changing User and Group ID’s
       • setuid() and setgid() set the real user and group ID’s of a process to the extent of the process permission
       • UID’s and GID’s are typically manipulated to extend or contract access permissions for a process

    2. Logic of UID/GID changes
       • exec
          • does not alter real UID/GID
          • sets EUID/EGID from corresponding bits of program file
          • copies SSUID/SSGID from EUID/EGID on call
       • setuid()
          • superuser: sets all three UID’s, all three GID’s
          • unprivileged user: sets EUID/EGID IF it matches existing effective ID’s or saved-set ID’s

    3. setreuid() and setregid() Functions
       • used to swap RUID with EUID or set one to the other
       • superuser may make any change, or any assignment
       • unprivileged user may swap RUID with EUID, or set one to the other, or set EUID to SSUID

    4. seteuid() and setegid() Functions
       • for setting effective ID’s only
       • unprivileged user may set EUID to RUID or SSUID
       • privileged user may set EUID to any value

    5. Group ID’s
       • group ID functions mirror the user ID functions
          • setgid() – set GID
          • setregid() – swap effective and real GID
          • setegid() – set only effective GID

    6. Interpreter Files
       • interpreter files are sometimes known as ‘scripts’
       • all interpreter files begin with #! symbol, followed by the path to the interpreter
          • path is absolute
          • possible 32 character limit to pathname
       • interpreter files are ‘exec’ed’ by the kernel, using the interpreter from the #! line, and passing the interpreter file as an argument to it

    7. Features of interpreter file use
       • when kernel exec’s the interpreter file, it shifts the arguments to the exec’d program (the interpreter) two places to the right
          • arg(0) is set to the interpreter
          • arg(1) is set to the optional arg(1) for the interpreter
          • arg(2) is set to the path of the interpreter file (script)

    8. System Function
       • designed to allow programs to execute a command string from inside a process
       • system() calls are effectively calls to a shell to execute a single command and return
       • command strings can be thought of as any command you can give from a shell prompt
       • system() function reduces programmer time involved in ‘one off’ calls to other programs

    9. Set-User-ID Programs
       • SUID programs that call system() can retain their effective UID when exec’ing the shell command
       • MAJOR security hole: DO NOT call system() from an SUID or SGID program; use fork() and exec() directly, being careful to watch your effective ID’s
       • shells have holes you could drive a truck through (environment variables being one of many), and system() calls a shell
       • as a rule of thumb, never set the SUID or SGID bits on programs which rely on other programs whose code you don’t control, or can’t ABSOLUTELY trust
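The fork()/exec() replacement for system() that slide 9 recommends, relying on the ID rules from slides 2 to 4, is sketched below as an added example that is not part of the original presentation. The helper names `drop_privileges` and `run_unprivileged`, the fixed PATH value and the use of /bin/true are assumptions made for illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment: nothing inherited from the caller (PATH,
 * IFS, LD_* and so on) reaches the child. The PATH value is an assumption. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Set the effective IDs back to the real IDs. Group first: once the UID
 * is dropped the process may no longer be allowed to change its GID.
 * exec then copies the saved set-IDs from these effective IDs (slide 2),
 * so the new program holds no elevated ID. Returns 0 only if verified. */
static int drop_privileges(void)
{
    if (setgid(getgid()) != 0) return -1;
    if (setuid(getuid()) != 0) return -1;
    if (geteuid() != getuid() || getegid() != getgid()) return -1;
    return 0;
}

/* Hypothetical helper: run one program with no shell in between.
 * Returns the child's exit status, or -1 on any failure. */
int run_unprivileged(const char *path, char *const argv[])
{
    if (path == NULL || path[0] != '/') return -1;  /* absolute paths only */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                 /* child */
        if (drop_privileges() != 0) _exit(126);     /* never exec elevated */
        execve(path, argv, clean_env);              /* no PATH search */
        _exit(127);                                 /* exec failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const args[] = { "true", NULL };          /* constructed sample */
    return run_unprivileged("/bin/true", args) == 0 ? 0 : 1;
}
```

Arguments are passed as an argv array, so no shell ever parses them.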

    10. Process Accounting
       • process accounting is an option enabled or disabled on a particular system by the administrator
       • with accton() the kernel keeps records on resource usage of processes
       • records are kept per process; programs exec’ed by another process accumulate resource totals under the original process ID

    11. User Identification
       • getlogin() can be used to identify the login name attached to the login from which a process was run
       • UID’s can have multiple login names attached
          • different shells
          • different home directories
       • will not work for processes not attached to a terminal (daemons)

    12. Process Times
       • there are three time values associated with any process
          • clock (real) time
          • system CPU time
          • user CPU time
       • clock time is very dependent on system load, other times less so

    13. times() Function
       • times() function returns wall clock time
       • ‘child’ times are for all ‘waited’ on children
       • return value is in clock ticks; use sysconf() to convert to seconds on specific system