CS252: Systems Programming Ninghui Li Based on Slides by Prof. Gustavo Rodriguez-Rivera Topic 17: Signals, Process Credentials.

2 Process’ Properties
A process has the following properties:
  PID: Index in process table
  PPID: Parent process id
  PGID: Process group id (affects signal delivery)
  Command and Arguments
  Environment Variables
  Current Dir
  User IDs
  Stdin/Stdout/Stderr

3 Related System Calls
  #include <unistd.h>
  pid_t getpid(void);                  /* get current process id */
  pid_t getppid(void);                 /* get parent process id */
  pid_t getpgrp(void);                 /* get process group id of current process */
  pid_t getpgid(pid_t pid);            /* get process group id */
  int setpgid(pid_t pid, pid_t pgid);  /* pid==0 sets current process, pgid==0 uses pid as pgid */

4 Process User ID Model in Modern UNIX Systems
CS526 Topic 10: Operating System Security Basics
Each process has three user IDs:
  real user ID (ruid): owner of the process
  effective user ID (euid): used in most access control decisions
  saved user ID (suid)
and three group IDs:
  real group ID
  effective group ID
  saved group ID

5 Process User ID Model in Modern UNIX Systems
  When a process is created by fork, it inherits all three user IDs from its parent process.
  When a process executes a file by exec, it keeps its three user IDs unless the set-user-ID bit of the file is set, in which case the effective uid and saved uid are assigned the user ID of the owner of the file.
  A process may change the user IDs via system calls.

6 The Need for suid/sgid Bits
Some operations are not modeled as files and require user id = 0:
  halting the system
  bind/listen on “privileged ports” (TCP/UDP ports below 1024)
  non-root users need these privileges
File level access control is not fine-grained enough, e.g., turnin, to change your password, etc.

7 What Happens during Logging in
  login   pid 2235   euid 0     ruid 0     suid 0
    setuid(500): After the login process verifies that the entered password is correct, it issues a setuid system call.
  login   pid 2235   euid 500   ruid 500   suid 500
    exec("bash"): The login process then loads the shell, giving the user a login shell.
  bash    pid 2235   euid 500   ruid 500   suid 500
    fork(): The user types in the passwd command to change his password.

8 What Happens during Logging in
  bash    pid 2235   euid 500   ruid 500   suid 500
    fork()
  bash    pid 2297   euid 500   ruid 500   suid 500
    exec("passwd"): The fork call creates a new process, which loads “passwd”, which is owned by root user, and has setuid bit set.
  passwd  pid 2297   euid 0     ruid 500   suid 0
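The credential transitions from the two login slides, written as a small C model (an added example, not part of the original slides). The names model_fork, model_exec and model_setuid are hypothetical; model_setuid follows the POSIX setuid rule, which the slides do not spell out.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Model only: the three user IDs from the slides. */
struct cred { uid_t ruid, euid, suid; };

/* fork(): the child inherits all three IDs unchanged. */
struct cred model_fork(struct cred parent) { return parent; }

/* exec(): IDs are kept unless the file has the set-user-ID bit, in which
 * case euid and suid become the file owner's UID; ruid never changes. */
struct cred model_exec(struct cred c, uid_t file_owner, int setuid_bit) {
    if (setuid_bit) { c.euid = file_owner; c.suid = file_owner; }
    return c;
}

/* setuid(uid), POSIX rule (assumption beyond the slides): with euid 0 all
 * three IDs are set, so the drop cannot be undone; otherwise only euid
 * changes, and only to ruid or suid. Returns -1 where the call would fail. */
int model_setuid(struct cred *c, uid_t uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1;
}

static void show(const char *step, struct cred c) {
    printf("%-14s ruid=%u euid=%u suid=%u\n", step,
           (unsigned)c.ruid, (unsigned)c.euid, (unsigned)c.suid);
}

int main(void) {
    struct cred login = {0, 0, 0};                /* login runs as root */
    show("login", login);
    model_setuid(&login, 500);                    /* password verified */
    show("setuid(500)", login);
    struct cred bash = model_exec(login, 0, 0);   /* bash: no setuid bit */
    show("exec(bash)", bash);
    struct cred child = model_fork(bash);         /* pid changes, IDs do not */
    struct cred passwd = model_exec(child, 0, 1); /* root-owned, setuid bit */
    show("exec(passwd)", passwd);
    /* Real IDs of this process, for comparison with the model. */
    printf("this process:  ruid=%u euid=%u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

After setuid(500) from euid 0 the saved uid is also 500, which is why the login shell cannot return to root, while passwd keeps ruid 500 so it still knows which user invoked it.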

9 See Slides on Signals

10 Clicker Question 1 (Socket Programming)
A TCP client uses connect(sockfd, &addr, addrlen)
A TCP server uses bind(sockfd, &addr, addrlen) and accept(sockfd, &addr, &addrlen)
The three addresses in connect, bind, accept are
  A. Client, Server, Client
  B. Server, Server, Client
  C. Server, Client, Server
  D. Client, Client, Server
  E. None of the above

11 Clicker Question 2 (Server Concurrency)
Among the following five types of server concurrency models, which one would provide the best throughput when serving many clients?
  A. Iterative Server
  B. Fork Process After Request
  C. Create New Thread After Request
  D. Pool of Threads
  E. Pool of Processes

12 Clicker Question 3 (setuid)
When a process with (euid=1000, ruid=1000, suid=1000) calls exec on /usr/bin/sudo, what are the resulting process’s user IDs?
  A. euid=1000, ruid=1000, suid=1000
  B. euid=0, ruid=0, suid=0
  C. euid=0, ruid=1000, suid=0
  D. euid=1000, ruid=0, suid=1000
  E. None of the above

