CS252: Systems Programming Ninghui Li Based on Slides by Prof. Gustavo Rodriguez-Rivera Topic 17: Signals, Process Credentials.


Process’ Properties
A process has the following properties:
- PID: index in the process table
- PPID: parent process id
- PGID: process group id (affects signal delivery)
- Command and arguments
- Environment variables
- Current directory
- User IDs
- Stdin/Stdout/Stderr

Related System Calls
    #include <unistd.h>
    pid_t getpid(void);                  /* get current process id */
    pid_t getppid(void);                 /* get parent process id */
    pid_t getpgrp(void);                 /* get process group id of current process */
    pid_t getpgid(pid_t pid);            /* get process group id of process pid (older BSD: getpgrp(pid)) */
    int setpgid(pid_t pid, pid_t pgid);  /* pid==0 sets current process, pgid==0 uses pid as pgid (older BSD: setpgrp) */
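The calls above in use, as an added example that is not part of the original slides: a parent forks a child, both sides place the child in its own process group, and the parent then signals that group only. It uses the POSIX names setpgid() and getpgid(); the function name child_in_own_group is made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, move it into a new process group whose id is the child's
 * pid, then signal that group. Returns 1 if the child was in its own group
 * and died from the group signal, 0 if not, -1 on error. */
int child_in_own_group(void) {
    pid_t parent_pgid = getpgrp();
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        setpgid(0, 0);   /* pid==0: this process; pgid==0: use its own pid */
        pause();         /* sleep until a signal arrives */
        _exit(0);
    }
    /* The parent makes the same call, so the group exists whichever process
     * runs first after fork(). */
    if (setpgid(pid, pid) < 0) {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }
    pid_t child_pgid = getpgid(pid);
    printf("parent: pid=%ld pgid=%ld\n", (long)getpid(), (long)parent_pgid);
    printf("child:  pid=%ld ppid=%ld pgid=%ld\n",
           (long)pid, (long)getpid(), (long)child_pgid);
    /* A negative pid addresses the whole group; the parent is in a different
     * group and is not hit. */
    kill(-pid, SIGKILL);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return child_pgid == pid && child_pgid != parent_pgid &&
           WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

int main(void) {
    printf("child in own group: %d\n", child_in_own_group());
    return 0;
}
```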

CS526 Topic 10: Operating System Security Basics

Process User ID Model in Modern UNIX Systems
Each process has three user IDs:
- real user ID (ruid): owner of the process
- effective user ID (euid): used in most access control decisions
- saved user ID (suid)
and three group IDs:
- real group ID
- effective group ID
- saved group ID

Process User ID Model in Modern UNIX Systems
- When a process is created by fork, it inherits all three user IDs from its parent process.
- When a process executes a file by exec, it keeps its three user IDs unless the set-user-ID bit of the file is set, in which case the effective uid and saved uid are assigned the user ID of the owner of the file.
- A process may change its user IDs via system calls.

The Need for suid/sgid Bits
- Some operations are not modeled as files and require user id = 0:
  - halting the system
  - bind/listen on “privileged ports” (TCP/UDP ports below 1024)
  - non-root users need these privileges
- File-level access control is not fine-grained enough, e.g., turnin, to change your password, etc.

What Happens during Logging in
1. login: pid 2235, euid 0, ruid 0, suid 0
   After the login process verifies that the entered password is correct, it issues a setuid system call: setuid(500).
2. login: pid 2235, euid 500, ruid 500, suid 500
   The login process then loads the shell, giving the user a login shell: exec("bash").
3. bash: pid 2235, euid 500, ruid 500, suid 500
   The user types in the passwd command to change his password: fork().

What Happens during Logging in
1. bash: pid 2235, euid 500, ruid 500, suid 500
   fork()
2. bash: pid 2297, euid 500, ruid 500, suid 500
   exec("passwd")
3. passwd: pid 2297, euid 0, ruid 500, suid 0
The fork call creates a new process, which loads “passwd”, which is owned by the root user and has the setuid bit set.

See Slides on Signals

Clicker Question 1 (Socket Programming)
A TCP client uses connect(sockfd, &addr, addrlen).
A TCP server uses bind(sockfd, &addr, addrlen) and accept(sockfd, &addr, &addrlen).
The three addresses in connect, bind, accept are:
A. Client, Server, Client
B. Server, Server, Client
C. Server, Client, Server
D. Client, Client, Server
E. None of the above

Clicker Question 2 (Server Concurrency)
Among the following five types of server concurrency models, which one would provide the best throughput when serving many clients?
A. Iterative Server
B. Fork Process After Request
C. Create New Thread After Request
D. Pool of Threads
E. Pool of Processes

Clicker Question 3 (setuid)
When a process with (euid=1000, ruid=1000, suid=1000) calls exec on /usr/bin/sudo, what are the resulting process’s user IDs?
A. euid=1000, ruid=1000, suid=1000
B. euid=0, ruid=0, suid=0
C. euid=0, ruid=1000, suid=0
D. euid=1000, ruid=0, suid=1000
E. None of the above