|
Setuid
The Unix and Linux access rights flags setuid and setgid (short for ''set user identity'' and ''set group identity'') allow users to run an executable with the file system permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific. The flags setuid and setgid are needed for tasks that require different privileges than what the user is normally granted, such as the ability to alter system files or databases to change their login password. Some of the tasks that require additional privileges may not immediately be obvious, though, such as the ping command, which must send and listen for control packets on a network interface. File modes The setuid and setgid bits are normally represented a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
File System Permissions
Typically, a file system maintains permission settings for each stored item commonly files and directories that either grant or deny the ability to manipulate file system items. Often the settings allow controlling access based on function such as read, change, navigate, and execute and to different users and groups of users. One well-established technology was developed for Unix and later codified by POSIX. Another common technology is an access-control list (ACL) with multiple variants implemented in file systems and one codified by POSIX. Since POSIX defines both the older Unix-based technology as well as ACLs, the former is called ''traditional POSIX permissions'' for clarity even though it is not a well-known term. A permission-driven user interface tailors the functionality available to the user based on file system item permissions. For example, the interface might hide menu options that are not allowed based on the permissions stored for an item. Examples File sy ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Confused Deputy Problem
In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important. Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not. Example In the original example of a confused deputy, there was a compiler program provided on a commercial timesharing service. Users could run the compiler and optionally specify a filename where it would write debugging output, and the compiler would be able to write to that file if the user had permission to write there. The compiler also collected statistics about language feature usage. Those statistics were stored in a file called "(SYSX)STAT", in the directory "SYSX". To make this possible, the compiler program was given permi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Unix
Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others. Initially intended for use inside the Bell System, AT&T licensed Unix to outside parties in the late 1970s, leading to a variety of both academic and commercial Unix variants from vendors including University of California, Berkeley ( BSD), Microsoft (Xenix), Sun Microsystems ( SunOS/ Solaris), HP/ HPE ( HP-UX), and IBM ( AIX). The early versions of Unix—which are retrospectively referred to as " Research Unix"—ran on computers such as the PDP-11 and VAX; Unix was commonly used on minicomputers and mainframes from the 1970s onwards. It distinguished itself from its predecessors as the first portable operating system: almost the entire operating system is written in the C programming language (in 1973), which allows U ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Exploit
An exploit is a method or piece of code that takes advantage of Vulnerability (computer security), vulnerabilities in software, Application software, applications, Computer network, networks, operating systems, or Computer hardware, hardware, typically for malicious purposes. The term "exploit" derives from the English verb "to exploit," meaning "to use something to one’s own advantage." Exploits are designed to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or data breach, steal sensitive data. While an exploit by itself may not be a malware, it serves as a vehicle for delivering malicious software by breaching security controls. Researchers estimate that malicious exploits cost the global economy over US$450 billion annually. In response to this threat, organizations are increasingly utilizing cyber threat intelligence to identify vulnerabilities and prevent hacks before they occur. Description Expl ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Unix Security
Unix security refers to the means of securing a Unix or Unix-like operating system. Design concepts Permissions A core security feature in these systems is the file system permissions. All files in a typical Unix filesystem have permissions set enabling different access to a file. Unix permissions permit different users access to a file with different privilege (e.g., reading, writing, execution). Like users, different ''user groups'' have different permissions on a file. User groups Many Unix implementations add an additional layer of security by requiring that a user be a member of the ''wheel'' user privileges group in order to access the su command. Root access Most Unix and Unix-like systems have an account or group which enables a user to exact complete control over the system, often known as a root account. If access to this account is gained by an unwanted user, this results in a complete breach of the system. A root account however is necessary for administrative p ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PolicyKit
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as free software under the terms of version 2 of the GNU Lesser General Public License. Since version 0.105, released in April 2012, the name of the project was changed from ''PolicyKit'' to ''polkit'' to emphasize that the system component was rewritten and that the API had changed, breaking backward compatibility. Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including Ubuntu since version 8.04 and openSUSE since version 10.3. Some distributions, like Fedora, have already switched to the rewritten polkit. It is also possible ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sudo
() is a shell (computing), shell command (computing), command on Unix-like operating systems that enables a user to run a program with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and this remains its most common usage; however, the official Sudo project page lists it as "su 'do. The current Linux manual pages define as "substitute user", making the correct meaning of "substitute user, do", because can run a command as other users as well. Unlike the similar command Su (Unix), su, users must, by default, supply their own password for authentication, rather than the password of the target user. After authentication, and if the configuration file (typically #Configuration, /etc/sudoers) permits the user access, the system invokes the requested command. The configuration file offers detailed access permissions, including enabling commands only from the invoking terminal; requiring a password p ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Chmod
is a shell command for changing access permissions and special mode flags of files (including special files such as directories). The name is short for ''change mode'' where ''mode'' refers to the permissions and flags collectively. The command originated in AT&T Unix version 1 and was exclusive to Unix and Unix-like operating systems until it was ported to other operating systems such as Windows (in UnxUtils) and IBM i. In Unix and Unix-like operating systems, a system call with the same name as the command, , provides access to the underlying access control data. The command exposes the capabilities of the system call to a shell user. As the need for enhanced file-system permissions grew, access-control lists were added to many file systems to augment the modes controlled via . The implementation of bundled in GNU coreutils was written by David MacKenzie and Jim Meyering. Use Although the syntax of the command varies somewhat by implementation, it generally acc ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Process Identifier
In computing, the process identifier (a.k.a. process ID or PID) is a number used by most operating system kernel (operating system), kernels—such as those of Unix, macOS and Windows—to uniquely identify an active Process (computing), process. This number may be used as a parameter in various function calls, allowing processes to be manipulated, such as adjusting the process's priority or kill (command), killing it altogether. Unix-like In Unix-like operating systems, new processes are created by the Fork (operating system), fork() system call. The PID is returned to the parent process, enabling it to refer to the child in further function calls. The parent may, for example, wait for the child to terminate with the waitpid() function, or terminate the process with kill(). There are two tasks with specially distinguished process IDs: PID 0 is used for ''swapper'' or ''sched'', which is part of the kernel and is a process that runs on a CPU core whenever that CPU core has not ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Group Identifier
In Unix-like systems, multiple users can be put into '' groups''. POSIX and conventional Unix file system permissions are organized into three classes, ''user'', ''group'', and ''others''. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, among others, also enables the superuser to delegate some administrative tasks to normal users, similar to the ''Administrators'' group on Microsoft Windows NT and its derivatives. A group identifier, often abbreviated to GID, is a numeric value used to represent a specific group. The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32,767, with one restriction: the login group for the superuser must have GID 0. This numeric value is used to refer to groups in the /etc/passwd and /etc/group files or their equivalents. Shadow password files and Network Information Service also re ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
User Identifier
Unix-like operating systems identify a user by a value called a user identifier, often abbreviated to user ID or UID. The UID, along with the group identifier (GID) and other access control criteria, is used to determine which system resources a user can access. The Passwd (file), password file maps textual user names to UIDs. UIDs are stored in the inodes of the Unix file system, running processes, tar archives, and the now-obsolete Network Information Service. In POSIX-compliant environments, the shell command id gives the current user's UID, as well as more information such as the user name, primary user group and group identifier (GID). Process attributes The POSIX standard introduced three different UID fields into the process descriptor table, to allow privileged processes to take on different roles dynamically: Effective user ID The effective UID (euid) of a process is used for most access checks. It is also used as the owner for files created by that process. The effectiv ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Public Domain
The public domain (PD) consists of all the creative work to which no Exclusive exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly Waiver, waived, or may be inapplicable. Because no one holds the exclusive rights, anyone can legally use or reference those works without permission. As examples, the works of William Shakespeare, Ludwig van Beethoven, Miguel de Cervantes, Zoroaster, Lao Zi, Confucius, Aristotle, L. Frank Baum, Leonardo da Vinci and Georges Méliès are in the public domain either by virtue of their having been created before copyright existed, or by their copyright term having expired. Some works are not covered by a country's copyright laws, and are therefore in the public domain; for example, in the United States, items excluded from copyright include the formulae of Classical mechanics, Newtonian physics and cooking recipes. Other works are actively dedicated by their authors to the public domain (see waiver) ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
