1 / 17

Operating Systems

Operating Systems. Recitation 11, June 9-10, 2002. Motivation. Privileged facility needs to be available for general users. Example: Allow user to perform specific operation that requires root permissions. Process and file identities. Process: (user ID, group ID) x (real, effective)

Download Presentation

Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Operating Systems Recitation 11, June 9-10, 2002

  2. Motivation • Privileged facility needs to be available for general users. • Example: Allow user to perform specific operation that requires root permissions.

  3. Process and file identities • Process: (user ID, group ID) x (real, effective) real: user running program effective: user whose permissions are used to access files and resources. • File: owner ID, group owner ID domain (set user ID) bit.

  4. Domain bit (set user ID bit) • If user X executes a file owned by Y, whose domain bit is off, then real and effective user ID’s of process are set to X. • If domain bit is on, then real user ID of process is set to X, and effective user ID is set to Y.

  5. Process real and effective user ID’s #include <sys/types.h> #include <unistd.h> uid_t getuid(void); uid_t geteuid(void); • Return real, effective user ID of calling process.

  6. Process real and effective user ID’s #include <sys/types.h> #include <unistd.h> int setuid(uid_t uid); • Sets both real and effective user ID’s. • Only super-user. int seteuid(uid_t uid); • Set effective user ID of process. • Return 0 if OK, -1 on error.

  7. User name Encrypted password Numerical user ID Numerical group ID Comment field Initial working dir Initial shell char* pw_name char* pw_passwd uid_t pw_uid gid_t pw_gid char* pw_gecos char* pw_dir char* pw_shell Password file

  8. Entries in password file #include <sys/types.h> #include <pwd.h> struct passwd* getpwuid(uid_t uid); struct passwd* getpwnam(const char *name); • Return pointer if OK, NULL on error. • Examples: • getpwuid is used by ls program to map numerical user ID in i-node to user’s login. • getpwnam is used by login program when entering login name.

  9. Passwords in Unix • Encryption of Unix passwords: one-way function (crypt). • User passwords are far from random. • Brute force (statistical, dictionary): educated guess, apply function, compare result. • Shadow passwords: instead of visible encrypted passwords (in /etc/passwd file), store with root access (in /etc/shadow file). • Breakable.

  10. Exercise description • Write a program that reads information from two files which only have owner permissions, by setting the program’s set-user-ID bit. • User x runs a program owned by user y, and the program’s domain (suid) bit is on. • Users x and y each have a secret file in their initial directory that only they can access. • Program prints a line from both files.

  11. Exercise description • Get real user ID (user running program). Set effective user to real user (if file suid bit is on then effective user was initially the program owner). Read first line of file named secret which in user’s initial directory, and printout user’s name, full path of secret file, and first line of secret file.

  12. Exercise description • Get user ID of program owner using stat function (st_uid member in stat structure).

  13. Exercise description • Get user name and initial directory of program owner. Set effective user ID (back) to program owner. Read first line of secret file which is in user’s initial directory, and printout user’s name, full path of secret file, and first line of secret file.

  14. Exercise notes • Save file named secret only with owner read/write permissions (chmod 600). • Other users can access this file only using the ex-suid program.

  15. Exercise description • Example run: % /tmp/y/program real user: x secret file: /a/home/cc/students/cs/x/secret secret: X program owner: y secret file: /a/home/cc/cs/y/secret secret: Y

  16. Exercise submission • Submission: optional. • Software Directory: ~username/os02b/ex-suid Files: ex-suid.c Permissions: chmod ugo+rx (to above) • Hardcopy name, ID, login, CID ex-suid.c submit in 281, Nir Noimark, nirn@post.tau.ac.il • Environment: Unix, Linux

  17. References • Operating systems, Sivan Toledo, Akademon, 2001. • Operating systems concepts, Abraham Silberschatz and Peter Galvin, 1994. • Advanced programming in the Unix environment, Richard Stevens, Addison-Wesley, 1993.

More Related