LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-10-2007, 01:15 PM   #1
The.Hammer.911
LQ Newbie
 
Registered: May 2007
Posts: 1

Rep: Reputation: 0
Linux Privilege Escalation


Hi all,

My first post. Would like to get everyone's opinion on something.

Here's a hypothetical situation regarding a hypothetical commercial application:

1. The application is intended for use by normal users.
2. The application must run in a non-interactive mode (for scripting and such).
3. The application has to run as ROOT to do it's thing.
4. The application calls various standard system utilities that are not a part of the application package.

Normally, I would expect that the system utility files that are called are not world writeable.

So here's the question(s):

Does the application have any responsibility for ensuring that it isn't going to potentially be the path to privilege escalation? If so, what would you do within the app?

Thanks!
 
Old 05-10-2007, 06:07 PM   #2
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Hello and welcome to LQ.

To me, numbers 1 and 3 are conflicting. If the program needs special privileges to do a certain task (for example, bind to a port number less than 1024), I would suggest there are a few ways to minimize possibility of privilege escalation within the program (and yes, I think it is the “responsibility” of any app that needs special privileges to minimize the chance that it would be used for privilege escalation):
  1. Run initially as root. Do what you need to do (e.g., bind to low port) as early as possible, and then change user.
  2. Run initially as root. Change to a “normal” user, while keeping whichever POSIX capabilities are required.
  3. Run initially as a non-root, dedicated user. From within your application, execute a helper application (i.e., fork()/exec()) through sudo (your dedicated user should be given permission to run this and only this helper application as root in the sudoers file). This helper application will have the sole purpose of granting your process a special POSIX capability.
Among those, number 1 is the most commonly used. This is probably because it is more “portable” (POSIX capabilities and sudo are not found everywhere). Number 3 is the most “secure” (IMHO), since the only application running as “root” is the helper, which should be small and easy to maintain/audit. Of course, some capabilities are more valuable than others, and perhaps hijacking the application with a certain capability is privilege escalation enough for some purposes. In that case, there might be an optional step for numbers 2 and 3 that involves dropping capabilities after “doing its thing” (perhaps with the help of a helper application).

P.S., notice the lack of an apostrophe in my use of “its”.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux folder privilege issue George2 Linux - Software 2 04-28-2007 11:05 AM
LXer: Postgresql Privilege Escalation and Denial of Service ... LXer Syndicated Linux News 0 02-16-2006 02:01 AM
how to get root privilege in a script jpan Linux - General 5 01-07-2005 02:46 PM
sound privilege LinuxWannaBE916 Linux - Newbie 2 03-29-2004 08:32 PM
WARN: Kernel 2.6/Samba privilage escalation vuln chort Linux - Security 0 02-15-2004 04:27 AM


All times are GMT -5. The time now is 07:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration