Getting ready

Linux implements file-level security. Each file has a set of access attributes for user, group and others, and they can be assigned read, write, or execute permissions, as well as some special modes.

Filesystem access is hence based on the system users and groups. When you list files with the ls -l command, you see the file attributes with the following format:

-rwxr-xr-x  

The first character is the file type (- for a regular file, d for a directory, l for a symbolic link, and so on), followed by three triads giving the permissions of the owning user, the owning group, and everyone else. In the example above, the file can be read, written, and executed by its owner, but only read and executed by other members of the file's group and by everyone else. For directories, read permission allows listing the entries, write permission allows creating and deleting entries, and execute permission allows entering (traversing) the directory.

There are three other modes that can be used for certain file types:

  • The setuid bit, which makes an executable run with the effective user ID of the file's owner instead of that of the user who ran it. When setuid is set, the x in the user triad is shown as s; if the file has no execute permission for the user, a capital S is shown instead.
  • The setgid bit, which is similar to setuid except that it affects the effective group ID. On directories setuid is ignored, while setgid makes files created inside the directory inherit the directory's group (and subdirectories inherit the setgid bit itself). It is shown as s or S in the group triad.
  • The sticky bit, which on directories restricts deleting and renaming of entries to the file's owner, the directory's owner, and root, even when the directory is world-writable (as /tmp usually is). It is shown as t in the others triad, or a capital T if the x permission is not set.

File access modes are usually written in octal, for example as 0755. Each of the last three digits encodes one rwx triad (r = 4, w = 2, x = 1, added together), and the leading digit represents the special file mode bits, where:

  • 1: sticky bit
  • 2: setgid
  • 4: setuid
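The following POSIX shell function is an added example, not code from the original page: it converts the symbolic mode string printed by ls -l into the four-digit octal form using the rules above, including the s/S and t/T markers and the triad each special bit is allowed to appear in. The sample mode strings at the bottom are constructed for the demonstration, not taken from a real listing.

```shell
#!/bin/sh
# Convert the symbolic mode that ls -l prints (e.g. "-rwsr-xr-x") into the
# four-digit octal form (e.g. 4755).
# The execute position of each triad may carry a special bit:
#   s/S in the user triad   -> setuid (4)
#   s/S in the group triad  -> setgid (2)
#   t/T in the others triad -> sticky (1)
# A lowercase letter means the underlying execute bit is also set; an
# uppercase letter means the special bit is set but execute is not.

mode_to_octal() {
    m=$1
    case ${#m} in
        10) m=${m#?} ;;   # drop the leading file-type character (-, d, l, ...)
        9)  ;;
        *)  echo "mode_to_octal: expected 9 or 10 characters, got '$1'" >&2; return 1 ;;
    esac
    special=0
    perms=""
    triad=0
    while [ "$triad" -lt 3 ]; do
        # Peel one character at a time using only POSIX parameter expansion.
        r=${m%"${m#?}"}; m=${m#?}
        w=${m%"${m#?}"}; m=${m#?}
        x=${m%"${m#?}"}; m=${m#?}
        v=0
        if [ "$r" = r ]; then v=$((v + 4)); fi
        if [ "$w" = w ]; then v=$((v + 2)); fi
        case $x in
            x|s|t) v=$((v + 1)) ;;   # lowercase: execute bit present
            -|S|T) ;;                # no execute bit
            *) echo "mode_to_octal: bad character '$x' in '$1'" >&2; return 1 ;;
        esac
        case "$triad$x" in
            0s|0S) special=$((special + 4)) ;;   # setuid only appears in the user triad
            1s|1S) special=$((special + 2)) ;;   # setgid only in the group triad
            2t|2T) special=$((special + 1)) ;;   # sticky only in the others triad
            0t|0T|1t|1T|2s|2S)
                echo "mode_to_octal: '$x' is not valid in triad $triad of '$1'" >&2; return 1 ;;
        esac
        perms="$perms$v"
        triad=$((triad + 1))
    done
    printf '%s%s\n' "$special" "$perms"
}

# Constructed sample modes (not taken from a real system listing).
for sample in -rwsr-xr-x -rwxr-sr-x drwxrwxrwt -rwSr--r-- drwxrwxrwT -rw-r--r--; do
    printf '%-11s %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```

On a real system the result can be cross-checked with GNU coreutils, which prints both forms of the same file at once: stat -c '%a %A' FILE. Note that an uppercase S or T is usually a mistake (a special bit on a file nobody can execute, or on a directory nobody can traverse) and is worth flagging when auditing a filesystem image.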

This type of file access is categorized as Discretionary Access Control (DAC), as it allows users to change the access control attributes of the objects they own. Processes have a real user ID (who you are) and an effective user ID (who you are acting as); the kernel checks the effective IDs against the file's owner, group, and permission bits to decide whether access is granted, which is what makes setuid and setgid executables work.

Mandatory Access Control (MAC), on the other hand, implements a mechanism to constrain the ability of users (subjects) to perform operations on objects, with both subjects and objects carrying a set of security attributes and operating system rules controlling the access policy. Ordinary users cannot change the policy, even for objects they own. In this model, subjects are usually processes or threads, and objects are operating system resources such as files and directories, but also memory, sockets, IPC, and other elements.

In Linux, MAC is implemented with the Linux Security Module (LSM) framework, layered over the standard DAC checks. The DAC check runs first; only if it allows the access is the LSM hook called, which can then deny it. An LSM can therefore only restrict what DAC permits, never grant what DAC has refused. The set of operations that LSM hooks cover keeps growing and includes:

  • Filesystem operations
  • Network operations
  • IPC operations
  • Task operations

LSM is used by several Linux security frameworks, two of the most relevant being Security Enhanced Linux (SELinux) and Simplified Mandatory Access Control Kernel (SMACK). Both need to be enabled in the kernel configuration.
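As an added example (not part of the original page), the following shell functions check the two things a practitioner wants to know before relying on MAC: whether the LSM framework, SELinux and SMACK are built into a kernel configuration, and which LSMs the running kernel actually initialised. It assumes the build configuration is readable from /boot/config-$(uname -r) and that securityfs is mounted at /sys/kernel/security (the lsm file there lists active modules on kernel 4.17 and later; CONFIG_LSM, which fixes the initialisation order, exists from 5.1). Both inputs are taken as file arguments so the functions also work against a saved config or a test fixture.

```shell
#!/bin/sh
# Inspect a kernel configuration and the running kernel for LSM support.
# Assumptions: $1 of lsm_build_status is a kernel .config (or /boot/config-*),
# $1 of active_lsms/lsm_active is the securityfs "lsm" file (kernel 4.17+),
# which holds a single comma-separated line such as "lockdown,yama,selinux".

# Print "SYMBOL: built in|not set" for the framework and the two modules named above.
# SELinux and SMACK cannot be loadable modules, so only =y counts as available.
lsm_build_status() {
    cfg=$1
    for sym in CONFIG_SECURITY CONFIG_SECURITY_SELINUX CONFIG_SECURITY_SMACK; do
        if grep -q "^$sym=y$" "$cfg"; then
            echo "$sym: built in"
        else
            echo "$sym: not set"
        fi
    done
    # CONFIG_LSM (kernel 5.1+) fixes the order in which built-in LSMs initialise.
    order=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$cfg")
    if [ -n "$order" ]; then
        echo "CONFIG_LSM: $order"
    fi
}

# Print the comma-separated list from the securityfs lsm file, one LSM per line.
active_lsms() {
    tr ',' '\n' < "$1"
}

# Echo yes/no: is the LSM named in $1 (e.g. selinux, smack) listed in the file $2?
lsm_active() {
    if active_lsms "$2" | grep -qx "$1"; then echo yes; else echo no; fi
}

# Run against the local machine; each step is skipped silently if its input is absent.
cfg=/boot/config-$(uname -r)
if [ -r "$cfg" ]; then
    lsm_build_status "$cfg"
fi
if [ -r /sys/kernel/security/lsm ]; then
    echo "active: $(active_lsms /sys/kernel/security/lsm | tr '\n' ' ')"
fi
```

A kernel can have SELinux built in and still not enforce it: the module must also be selected at boot (via CONFIG_LSM or the security= / lsm= kernel parameters) and be fed a policy, so checking the active list is the more reliable of the two tests.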
